What Every Citizen Should Know About DRM,
a.k.a. "Digital Rights Management"

By Mike Godwin 
Senior Technology Counsel 
Public Knowledge 


PUBLIC KNOWLEDGE


NEW AMERICA FOUNDATION 






Washington, DC 






Acknowledgements 

This “DRM primer” would not have come about without the author’s having worked with 
an informal “Risks of Copy Protection” expert group that includes Ed Felten, Matt Blaze, 
Phil Karn, Steve Bellovin, Bruce Schneier, Alan Davidson, John Morris, Hal Abelson, and 
Bill Cheswick. Two members of the group — Ed Felten and Matt Blaze — deserve special
thanks for framing a number of copy-protection technology issues with such clarity that I
have to some extent reproduced that clarity here. Phil Karn similarly deserves special thanks
for his discussion of the extent to which peer-to-peer file-sharing is a feature of the
Internet’s fundamental design. Andy Moss and Aaron Burstein each made a wide range of helpful
comments and observations on earlier drafts of this primer.

I’m particularly grateful to my boss, Gigi Sohn, for giving me the opportunity to explore 
the landscape of digital rights management and to develop further some of my ideas about 
the directions in which DRM may take us. I’m also thankful for the support and feedback of 
my other fellow staff members at Public Knowledge — Sarah Brown, Alex Curtis, Ann Deville,
and Nathan Alitchler. I consider myself fortunate to be backed by such a knowledgeable
and resourceful team; each of my colleagues contributed in many ways to the development 
of this project, and all of them read this paper in various stages of development and offered 
helpful corrections and suggestions. 

Any mistakes, however, remain my own, as do my reasoning and conclusions; my
colleagues and friends should not be blamed for any wrong turns I have made.


Contents 


I. A Brief Introduction To DRM and its Relationship to Copyright Law
    What is "DRM," and How Did It Get Here?
    How Copyright Is Different From Other Rights
    Why Copying Used To Matter, and Why It Still Does
    When Printing Presses Became Commonplace
    The Growth and Expansion of Copyright Law
    Technological Changes Challenge Copyright Law
    The Ways of Adapting to Cheap Copying
    How Copying Enriches Our Culture

II. What Does DRM Look Like?
    A. Encrypting or Scrambling Content
    B. Marking
    C. Other Approaches

III. Should DRM Be Imposed By the Government?
    A Brief History of Software Copy Protection
    The Advantages of Selling Software Rather Than Content
    How The Content Producers Have Responded

IV. The "Threat Model" of Universal Infringement, and the Potential Threats Posed By DRM
    A. Can "Peer to Peer" Be Stopped On the Internet Itself?
    B. Who's a Host On Today's Internet?

V. Conclusion: Can There Be a "Humane" DRM?

Selected Readings

Endnotes


























I. A Brief Introduction To DRM 
and its Relationship to Copyright Law 


What is "DRM," and 
How Did It Get Here? 

Most broadly, DRM (an acronym for “digital rights management”) is a
collective name for technologies that prevent you from using a copyrighted
digital work beyond the degree to which the copyright owner wishes to allow
you to use it.

At first glance, the increasing use of 
DRM by movie companies, by consumer-electronics
makers, and by computer
makers may not bother you very
much. You may look over the increasing 
use of DRM and ask yourself why you 
should care. After all, isn’t DRM just a 
technical means of giving copyright 
owners new ways to protect the legal 
rights they already have? 

You should care because you have something personal at stake both in the
balances built into our copyright law, and in the technologies, such as
personal computers and the Internet, that might be restricted or controlled
in order to protect copyright interests. The choices we make now about
copyrighted works and about technological protections for such works will
affect us for a long time to come. This is why, as we work through our
understanding of DRM, we need to make sure we understand copyright as well.
Although there is a tendency on the part of some people to equate copyright
interests with other kinds of ownership and property interests, under our
legal system copyright is actually significantly different.

How Copyright Is Different 
From Other Rights 

Here’s one important difference: copyright law frequently allows other
people (sometimes teachers, reporters, or scholarly researchers) to quote a
copyrighted work without the copyright owner’s permission. We don’t normally
make the same kinds of exceptions for unauthorized uses of other kinds of
property — for example, you don’t get to use your neighbor’s car just because
he’s not using it this afternoon, and you happen to have an urgent need for
transportation.




Copyrighted works are different in several other ways. They remain the
owner’s (or her heirs’) “property” only for a limited time period, unlike
other, older kinds of property. The family manor may have belonged to you and
your ancestors for centuries, perhaps (if you’re the kind of person who grew
up in a manor), but the copyright interests of your grandfather may, at some
long period after your grandfather’s death, cease to be anybody’s property.
We often refer to this final stage of the legal protection for a copyrighted
work by saying it has “become part of the public domain” — a kind of
“property” still, but one that belongs to everyone and can be used by and
copied by anyone without restriction.

Copyright protection of certain kinds of creative works is built into the
Constitution. We infer from the language of the Constitution that the Framers
saw value in granting artists and authors (or the people to whom the artists
and authors gave their rights in their creations) a kind of “exclusive” right
in the created work. This means that copyright law allows the copyright owner
to “exclude” other people from copying it, at least so long as the legal term
of protection of the work lasts, and so long as their copying or other use of
the work doesn’t fall within one of the specific exceptions, such as “fair
use,” that are allowed for in our copyright scheme.

Why Copying Used To Matter, 
and Why It Still Does 

But why all this focus on “copying?” There are technological reasons for the
focus on copying in the law of copyright (which unlike many legal terms is
almost self-explanatory; the term literally focuses on the right to make
copies, although over the course of time copyright law in the United States
and around the world has increasingly encompassed some related rights as
well). The technological reasons are that, for almost all of human history,
the human capability to make copies of a creative work was very limited.
Monks used to spend their lifetimes in the monasteries making copies of
pre-existing works, sometimes adding valuable commentary or illustrations
(then as now, it often helps to break up a block of text with a pretty
illustration or a helpful diagram or an italicized headline). Their copies
had to be perfect, without error — and asking human beings to make perfect
copies of anything someone else said or wrote is a very demanding thing.

This was true until a number of technological 
changes made copying easier. The first major 
change was the invention of the printing press — a 
huge device that required lots of expertise and 
maintenance to operate, but that enabled printers 
to make (and sell) many copies of books that were 
essentially identical to one another. 

The printing press created a great opportunity for 
authors. Instead of begging for patronage from a 
rich man, a nobleman, or a church to create something
in writing, an author could make a deal with a
printer, so that the books or other materials he 
wrote could be sold — perhaps many copies of the 
work — and both the author and the printer could 
reap a direct financial reward. The printing press led 
to a slow explosion (it took a century or two) of the 
number and availability of books in Europe and 
elsewhere that even ordinary citizens might buy (or 
otherwise have access to and perhaps even read). 

All this was because the printing press made 
copying a certain kind of creative work — written 
works, perhaps supplemented with engraved illustrations
— technologically possible in a fraction
of the time it used to take the monks to make a 
single copy. 

When Printing Presses 
Became Commonplace 

But the process was expensive, so anyone who 
wanted to publish a book usually had to find a 
printer or publisher to sponsor the making of 
copies for sale. Until very recently in our history, if 
you had a book that you wanted to get to a wide 
audience, you more or less had to have the support 
of a patron to get it published. 




More important than the expense and difficulty 
of printing books, however, was that printing 
changed the way we all thought of books (and later, 
of other creative works that could be copied). We 
began to think the creative effort of the author was 
the real thing of value, or at least far more valuable 
than a single copy of the book might be. (In general,
that is; sometimes books are themselves rare,
collectable items, but that’s not normally the case.) I 
might buy a copy of The Hunt For Red October, and I 
might even say it’s “my book,” but on another level 
I reflexively realize that in some other sense, my 
book (and everyone else’s copy of it) belongs to the 
author, Tom Clancy — he has more rights to use its 
text than I do, or at least that’s the starting point of 
copyright law. When I own a book, I own ordinary 
“tangible” property; the author, at least until the 
period of legal protection of the copyrighted work 
ends, owns the “intellectual property.” That is, the
author, or the person or group or company he gives 
his rights to, “owns the copyright.” 

This whole system of “copyright law,” which
began in Europe and then was made part of the
Constitution of the United States, has worked pretty
well for the few centuries it has existed. It has been
extended to other creative works, including paintings,
photography, and even architectural design.
Traditionally, the copyright system has been seen as 
a force that makes our culture richer. For one thing, 
this new publishing-industry system meant that 
more authors got paid (not so many had to beg for a 
subsidy from a king or a pope). For another, more 
artists and authors were inspired to create, because 
the time and effort it takes to create new works 
could end up with the artists and authors getting 
paid, which made the creative effort even more 
worthwhile, and occasionally even paid the rent. 

The Growth and Expansion 
of Copyright Law 

Of course, this system has not been without its problems. Before there were
comprehensive international copyright treaties, publishers in some countries
might print works of authors from other countries right next door, and the
original authors might not even learn of this act. Then as now, advocates of
international copyright systems have preferred to equate such unauthorized
publication with a kind of “theft,” but there’s a special legal term for
unauthorized use or copying of copyrighted works: “infringement.” The reason
for the difference in terminology is that, generally speaking, copyright
infringement imposes a different kind of loss or damage on the copyright
holder than the theft of physical property imposes on a traditional property
owner. In addition, “infringement” is defined in terms of specific
statutorily granted rights belonging to the copyright holder, whereas “theft”
generally is understood in terms of older, common-law property interests that
don’t require any statutory creation or grant.

But, basically, the difficulty and expense of making copies of works — even
with the invention of better and faster printing presses — kept unauthorized
copying of legally protected works at a low level compared to what became
possible in the modern era. And international legal agreements made it
increasingly difficult for publishers in other countries to pull the old
infringement-across-the-border dodge.

Technological Changes 
Challenge Copyright Law 

All of this began to change, however, in the 20th century, and has
accelerated to a surprising degree in the 21st. This is because, when the
lawyers and legislators and judges first framed the idea of protecting an
author’s interest in his or her creative work by focusing on the copying of
the work, they did so at a time when copying was expensive, and illegal
copying was hard to conceal. So it seemed only natural to take the difficult
part of making unauthorized use of an author’s work — the making of a copy —
to build a framework of legal protections to protect authors and publishers
from illicit copy makers.

But with the advent of cameras, photocopying 
machines, tape recorders, and other consumer- 
operated copy-capable machinery and tools — 
tools that grew both less expensive and more powerful
over the course of the 20th century — the
idea that the making of a copy is the easiest place to 
enforce a creator’s or publisher’s right became 
more questionable. 




Computers and computer networks, as well as other digital tools, have made
the problem even more acute. Computer companies and software vendors
discovered an aspect of this problem in the late 1970s and early 1980s,
because the software that ran on personal computers is inherently copyable.
Their experience led to the first efforts at DRM, then known only as “copy
protection.” Many of us are aware that it is so inexpensive to make
computerized copies of digital creative works that the cost probably is too
small to be measured. What is less well-recognized (but just as true) is that
other digital tools make it possible to take analog works (original
paintings, say, or printed books) and digitize them and distribute the
perfect copies — sometimes as part of an illicit “copyright piracy”
enterprise, for commercial gain, and sometimes just for free. In effect,
digital tools make the copying of any content, regardless of its form, far
easier than it used to be.


The Ways of Adapting to 
Cheap Copying 

So the problem, at least as many artists, authors, and publishers see it, is
how to make copying of creative works more difficult or at least more
controllable. Putting the brakes on easy copying makes it less necessary to
revise the whole system of law we’ve built around the notion of “copyright.”

For those who want to make copying difficult, as it once was, the digital
revolution has been both a curse and a blessing. On the one hand, when a work
is in digital form, it can easily be copied by digital mechanisms such as the
“copy” functions in computer operating systems. But when the work is in
digital form, it turns out, there are also a number of technological options
that can be employed to limit one’s ability to copy all or part of a work.
When Stephen King published a novella in 2000 called “Riding the Bullet”
and sold it (through his publishers) over the


Analog Versus Digital 

It's important to understand at this point the fundamental differences
between digital technologies and analog technologies. "Digital" generally
refers to representation of information, including content, as ones and zeros
(or "bits"). There are a number of advantages to the use of digital
technologies - the major one is that it is possible for the receiver of
digital content to determine whether there has been an error in transmission,
and to correct the error (by seeking retransmission of the altered or lost
bits).

This is why the word "digital" has a certain appeal for both consumers and
vendors - the word connotes quality, because it suggests (not always
accurately) that the content has been perfectly copied or transmitted for
consumer use. Moreover, the fact that it can be subjected to such
error-checking is what makes it possible for the content to be subjected to
digital encryption and decryption techniques.

For most of the history of consumer electronics, however, analog
technologies, which directly reproduce the waveforms of auditory and visual
information but do not translate them to "bits," have been at the heart of
home-entertainment systems. Even where digital technologies and content
formats have become commonplace (as music CDs and movie DVDs are), they are
most commonly used on systems with analog components (such as stereo systems
that use analog connectors to connect CD players to speakers). Similarly, in
the United States, most TV watchers view television content through analog TV
displays, even when the actual signal carrying that content (a cable or
satellite signal, for example) may have been digital when it first arrived in
the home.




Internet, the book was placed in a digital format 
that limited what you could do with it — there 
were restrictions on whether you could print any 
of it at all, or print it out on your printer just 
because you prefer the feel of paper. 

King’s experiment taught all of us at least two things: (a) that there’s a
market for works in digital form that can be downloaded and used on your
computer and other digital devices, and (b) some folks who had never read a
book online before discovered that, even apart from the difficulties of
reading a book on a computer screen, the limitations on a digital creative
work seemed to be even greater than those on a paperback copy. (At least with
the latter you can take the paperback to a photocopier and grab a few page
copies that way.)

King’s experiment underscored the burgeoning 
movement by publishers, record and movie companies,
and other enterprises that either are creative
themselves or that work with creative people to 
develop and market new works — a movement to 
find digital tools that put limits on what individual 
citizens can do with the copies of creative works 
that they buy. 

And this new movement brings us back to the set of issues with which ordinary
citizens should be increasingly concerned. Because, as Law Professor Julie
Cohen has put it, the traditional copyright system has been helpfully
“leaky,” our culture has benefited from creative works even when those works
are still protected by copyright law. For example, many of us know pop song
lyrics even though we never bought a sheet of music — the fact that we know
them by heart, and even can sometimes sing them to each other, is something
that makes our lives a little richer, without really making the creator or
publisher any poorer. Indeed, if we sing well enough (or badly enough), we
may inspire someone to go out and buy the original recording.


How Copying Enriches Our Culture 

More generally, creative works that can easily be 
quoted and shown to other people and reused in 
creative ways help enrich our culture by replenishing
it with the latest and best creative works. To
put it bluntly, our lives are richer because we get to 
share so much of our culture even as we continue 
to maintain a system that encourages artists and 
authors to create more cultural works. 

A potential problem with DRM is that, when it’s 
done in the wrong way, it may end up walling off 
parts of our culture from one another. Worse, the 
perceived need to use DRM to protect every digital 
work may cause undesirable changes in the very 
technologies that have revolutionized our daily 
lives over the past two and a half decades. 

The questions we have to ask now are these: 

- What does DRM look like? What forms does it come in?

- Should DRM be administered by the government or developed solely in the
  marketplace? What limits, if any, should be placed upon it?

- What harms can it do to the balances built into our copyright law? What
  other harms might DRM cause?

- Are there good forms of DRM that benefit citizens? If not, could there be?
  What would such forms of DRM look like?

The remainder of this essay discusses these topics in detail and draws
certain conclusions about the right path for us to take with regard to
copyright and DRM. We focus here both on technical issues and proposals and
on the legal and policy proposals these technical issues and proposals have
generated. The goal here is to come up with conclusions that are applicable
across a broad range of proposed copyright-protection schemes, and not just
the particular technology-mandate proposals being considered in Congress and
elsewhere.





II. What Does DRM Look Like? 


Since the beginnings of the personal computer revolution, more than a quarter
of a century ago, a number of approaches and technologies have been developed
to prevent unauthorized copying of, or to otherwise control, digital content.
There are three broad classes of approaches that are currently used, or that
have been proposed in various standards-setting or legislative proceedings.
Sometimes these approaches are used by themselves, and sometimes in
combination with one another.

A. Encrypting or 
Scrambling Content 

A common approach to copy protection is encryption — the use of a
mathematical/computational process to scramble information so that only those
who have the right key or keys can obtain access to it. This, for example, is
how your DVD movies work — their content is scrambled so that only DVD
players that have the right keys can decrypt the content so that you can
watch the DVD movie. Similarly, if you receive cable or satellite television,
your TV service provider normally scrambles content in ways that prevent most
unauthorized people (that is, nonsubscribers) from getting access to it.

The basic approach for encryption is to encrypt the digital content so that
only a player with both the decryption device or software and the proper key
can play the content. The content owner can broadcast the content to
everyone, but unless the recipient has valid decryption keys he cannot play
the content. Scrambling is a similar copy-protection approach, but without a
user-applied key; instead, the key that includes the unscrambling algorithm
resides in the player device (which may be hardware, or software, or both).

There are several varieties of encryption-based copy protection. In the
simplest type, all content is encrypted under a single master key. This is
considered a very fragile scheme because, once the single key is compromised,
the entire


system is considered compromised or “broken.” Cryptographers generally
disfavor such “Break Once Break Everywhere” (a.k.a. “BOBE”) encryption
schemes.

More robust approaches avoid the pitfalls of BOBE by using many different
keys. Some encryption-based systems encrypt each piece of content with its
own individual key. As a result, the loss of a single key only means the
compromising of a single piece of content, and not the entire system. In the
most complex variants of encryption-based systems, the encryption keys are
unique not only for the content but for the player as well. Thus, someone who
received both the encrypted content and the encryption key associated with
another person could not play the copied content on his own player.
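
The three key arrangements described above (one master key, one key per title, and a title key bound to each player), shown as an added illustration that is not part of the original primer. The toy cipher, the key labels, the title names and the "license" blob are assumptions constructed for the example; it does not reproduce CSS or any real product.

```python
import hashlib
import hmac


def demo_key(label: str) -> bytes:
    """Constructed 256-bit demo key derived from a label (not a real key source)."""
    return hashlib.sha256(("demo-key:" + label).encode()).digest()


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher, illustration only: XOR with SHA-256(key || counter)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Prepend an HMAC tag, then encrypt tag + plaintext under the key."""
    tag = hmac.new(key, plaintext, hashlib.sha256).digest()
    return _keystream_xor(key, tag + plaintext)


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key does not match the blob."""
    raw = _keystream_xor(key, blob)
    tag, plaintext = raw[:32], raw[32:]
    expected = hmac.new(key, plaintext, hashlib.sha256).digest()
    return plaintext if hmac.compare_digest(tag, expected) else None


# Constructed sample catalog (stand-ins for three pieces of content).
TITLES = {
    "movie-a": b"constructed sample content A",
    "movie-b": b"constructed sample content B",
    "movie-c": b"constructed sample content C",
}

# Scheme 1: everything under a single master key ("Break Once Break Everywhere").
MASTER_KEY = demo_key("master")
SINGLE_KEY_CATALOG = {n: seal(MASTER_KEY, body) for n, body in TITLES.items()}

# Scheme 2: each piece of content has its own key.
TITLE_KEYS = {n: demo_key("title:" + n) for n in TITLES}
PER_TITLE_CATALOG = {n: seal(TITLE_KEYS[n], body) for n, body in TITLES.items()}

# Scheme 3: the title key is delivered wrapped under one player's own key.
ALICE_PLAYER_KEY = demo_key("player:alice")
BOB_PLAYER_KEY = demo_key("player:bob")
ALICE_LICENSE = seal(ALICE_PLAYER_KEY, TITLE_KEYS["movie-a"])


def titles_opened_by(leaked_key: bytes, catalog: dict) -> list:
    """Which titles in a catalog does one compromised key decrypt?"""
    return sorted(n for n, blob in catalog.items()
                  if unseal(leaked_key, blob) is not None)


def play(player_key: bytes, license_blob: bytes, content_blob: bytes):
    """A player unwraps the title key with its own key, then decrypts the content."""
    title_key = unseal(player_key, license_blob)
    if title_key is None:
        return None  # license was issued to a different player
    return unseal(title_key, content_blob)


if __name__ == "__main__":
    print("master key leak opens:", titles_opened_by(MASTER_KEY, SINGLE_KEY_CATALOG))
    print("one title key leak opens:",
          titles_opened_by(TITLE_KEYS["movie-a"], PER_TITLE_CATALOG))
    blob = PER_TITLE_CATALOG["movie-a"]
    print("Alice's player:", play(ALICE_PLAYER_KEY, ALICE_LICENSE, blob))
    print("Bob's player with Alice's license:",
          play(BOB_PLAYER_KEY, ALICE_LICENSE, blob))
```
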

An example of this more secure encryption-based approach can be found in
Europe, where encryption-based copy protection is commonly used by
pay-television satellite-TV providers. Subscribers have a hardware set-top
box that unscrambles the satellite transmissions into video signals that are
then displayed on a standard television. Users have a so-called “smart card”:
a personalized device that plugs into the set-top box and controls which
television programs can be decrypted and displayed. The satellite television
providers transmit their programming in scrambled form, and set-top boxes
with authorized smart cards are able to unscramble programs for viewing. The
broadcasters can also send instructions to individual smart cards,
authorizing them to unscramble certain television shows or prohibiting them
from unscrambling others.

A similar scheme, called Content Scrambling System (also known as “Content
Scramble System” or “CSS”), has been used by the DVD industry. Commercial
DVDs are encrypted with a series of keys. These keys are embedded in
different video players, whose manufacturers are licensed to build them into
their products. As a general result, only “authorized viewers” (those with
legitimate, authorized DVD players that use authorized keys) can watch the
DVDs. The Content Scramble System was designed so that the administrators of
the system are able to “turn off” certain keys if they are compromised — so
that some DVD players with now-deauthorized keys could be shut out of playing
new DVDs without causing the entire system to fail.

As it happens, however, CSS in its existing form has already been compromised
by a Norwegian citizen named Jon Johansen, who came up with a generalizable
workaround for the DVD scrambling system. That workaround computer program,
called “DeCSS,” makes it possible for sufficiently sophisticated users to
sidestep DVD scrambling and render DVD movie content unscrambled (a.k.a. “in
the clear”), so that it can be viewed on any player and, more important in
the context of copyright policy, can be copied on the Internet and elsewhere.

In spite of this breach of the CSS system, 
however, movie companies continue to produce 
DVD movies using the existing scrambling system. 
As a practical matter this breach has not hurt 
the DVD market, which has continued to see 
remarkable growth in the period since Johansen 
published DeCSS.

While it is not yet evident that Johansen’s 
“crack” of the CSS system will cause long-term 
harm to the DVD market, the failure of CSS to 
survive a deliberate attempt to circumvent it has 
spurred both the content companies and the computer
and consumer-electronics companies that
produce players for DVDs to explore alternatives 
in the delivery of content that may be more secure. 

Trusted Computing and Tethered Content
One idea that has gained some currency — not least because versions of it
have been promoted by Intel (the leading manufacturer of personal-computer
microprocessors) and by Microsoft (the leading manufacturer of
personal-computer operating systems) — has been to deliver content in
encrypted form, and allow it to be decrypted only within a tamper-resistant
environment within a computer or other device. This approach relies on a new
design feature for Intel-based personal computers — a design feature that
goes by various names, most commonly “trusted computing” or “the Next
Generation Secure Computing Base” (NGSCB). This approach has its advantages —
notably, it doesn’t have the flaw of being “Break Once Break Everywhere” —
but it also restricts users of this content more than they are restricted by
analog versions of the content, or by previous digital versions of it.

Unlike variations of the encryption approach that require that all content be
encrypted under a single key, content-protection approaches that rely on
trusted computing, which use a separate key for each computer or other
playback device, can be used to tether content to that particular device. The
notion that content may be “tethered” to a particular platform or to
particular individual users is comforting to many in the content industry,
because doing so could drastically limit the extent to which content can be
copied and redistributed on the Internet (or by any other means). It is
troubling, however, to many copyright scholars, who believe that an
individual’s ability to give away or sell the copy of a work that he or she
buys — the right referred to by copyright scholars as the First Sale
Doctrine — is central to the balance of rights built into our copyright laws.
It is also troubling to many consumers, consumer advocates, and businesses,
because they expect to have the right to give away or resell the copies of
copyrighted works that they buy. Used bookstores, for example, depend on this
right for their very existence.

B. Marking 

The second approach to copy protection is some¬ 
something we can call “marking;” it depends on adding
a mark in some way to the digital content. The
mark may be used to indicate that the content is 
copyrighted, and in some cases it also carries 
instructions about what uses of the content are 
authorized. For example, in theory a mark may 
label some content as “do not copy” and another 
mark may label some other content as “copy once 
but don’t re-copy.” 

There are three general forms a mark may take in the digital world. First, it
may take the form of a simple label that is sent along with the content.
Second, it may be a “watermark” — an arrangement of digital bits hidden in
the background of the digital content. Or, third, it may be a “fingerprint” —
a unique identifier that is derived from the characteristics of the content
itself.

Marking is typically used for one of three reasons. First, it is used when an
encryption-based method, for whatever reason, is not viable (or is not
perceived to be viable). For example, if the Federal Communications
Commission requires that broadcast television signals not be encrypted — that
they be broadcast “in the clear” — any DRM for broadcast television signals
must be based on marking. Second, marking is used in systems that attempt to
detect copying after the fact rather than preventing it — such use is among
the so-called “forensic” uses of marking. Putting a mark on a piece of
digital music, for example, allows one to create a search engine that can
find a marked clip on the Internet, which the searcher might then assume is
an unauthorized clip (on the theory that authorized marked clips aren’t
available at all via the Internet). Moreover, if the mark is sufficiently
sophisticated, it may carry information that can be used to determine where
the unauthorized content originated (e.g., from a movie-studio employee).

The third major use of marking is as a response 
to the so-called “analog hole.” The term “analog 
hole” refers to the ability of a would-be infringer 
to capture content as it is being played (or just 
before it is played). An example of this would be 
playing of a DVD and capturing the DVD’s content
by using a camera with a microphone, or by
replacing an output device such as a television set 
with a recording device, or by connecting to the 
digital player through analog connectors. 

Encryption-based methods by themselves do not address the analog hole, because content must be decrypted in order to play it. At the point of playing, decrypted content is, at least for the moment, “in the clear” and can be captured in a number of ways and redigitized. By contrast, some kinds of marks may remain attached to the content even as the content is being played, which is the basis for some models of content-protection schemes.





II. What Does DRM Look Like? 


The "simple label" approach

The simplest type of mark consists of a straightforward label that is sent along with the content. You can think of this as if it were a copyright notice that is paper-clipped to a document. The “simple mark” approach is especially cheap and simple to implement — although only at the content-production level — because the mark is easily located and is separate from the content. The costs associated with marking content are not, however, necessarily cheap and simple to implement on the hardware side — there are many costs associated with upgrading computers and other digital devices to recognize the mark. Moreover, a simple mark may not be sufficiently sophisticated to serve as a forensic mark, since it may not carry enough information to indicate the precise origin of the unauthorized content, and since even if it does carry that information the mark may nonetheless be easy to remove.

An example of a simple label is a “broadcast flag” 
that can be attached to a digital television broadcast. 
Note that the term “broadcast flag” is often used, 
inaccurately, to refer to a much broader and more 
complex broadcast protection scheme of which the 
flag itself is only one small part; see the outline of 
the “broadcast flag” scheme below for a detailed 
discussion of one such scheme. In this paper, the 
term “broadcast flag” means the digital mark by 
itself — “broadcast flag scheme” is the term used 
for any larger framework that is based on systematic 
mechanical recognition of the broadcast-flag mark. 

Broadly described, a broadcast-flag scheme for digital television works this way: A digital television broadcast transmits a sequence of discrete packets of data to its recipients. Each packet contains a part of video that is to be displayed, preceded by a brief “header” that conveys such information as where the packet fits into the overall sequence. The header may also contain a digital bit or “broadcast flag” which labels the broadcast as copyrighted and which additionally conveys that the copyright owner grants only certain limited privileges to the broadcast’s recipients. Alternatively, a broadcast flag may not be present in every packet of digital TV content — if so, hardware must be redesigned to capture and “hold in detention” the packets of televised content until enough packets can be examined to determine whether a broadcast flag is present.

In such a scheme the mark is not part of the content itself; instead the mark merely accompanies the content. This is both the strength and the weakness of this approach. It is a strength because it allows the mark to be found and interpreted easily, and because the mark can be applied to virtually any type of content. It is a weakness because anyone who receives the content outside of a secure home-entertainment architecture can easily separate the mark from the content by editing it out.

The "Watermark" approach 

Most people think of the term “watermark” in reference to paper products — hold a watermarked piece of paper up to the light, and you can see where the manufacturer has marked it, perhaps with his or her company logo. On paper, a watermark is not part of the content, but part of the medium (paper) on which the content has been placed.

In the digital world, however, a watermark is a subtle mark that is added to the digital content itself. For example, if the content is a recorded song, the watermark might be a faint sound that is added as background noise to the song. Digital watermarks are so named because they serve the same purpose as watermarks on paper — the idea is to embed a subtle mark deeply into the fabric of the content, without interfering too much with the content itself.

A successful watermark must have three characteristics. It must be:

• Imperceptible to the user of the content: Adding the watermark must not affect the user’s experience in viewing the content.

• Detectable by machines: An authorized player or other digital tool must be able reliably to detect the watermark.

• Difficult or impossible to remove: It must be difficult or impossible for an unauthorized party to remove the watermark or to render it undetectable, except by unacceptably damaging the perceptual quality of the content.

Several companies offer products that claim to meet these requirements. Only a few of these products, however, have undergone independent scientific scrutiny, and those few that have undergone such scrutiny have not stood up well. As a technical matter no one knows for certain whether it is even possible to meet all three requirements simultaneously.

Unlike a simple label, a successful watermark would be embedded in the content itself, and if the watermark were adequately persistent then nobody would be able to separate it from the content — or at least not without a great deal of trouble.


Can Watermarking Work? 

As we have noted, a watermark must meet three technical criteria; it must be:

• Imperceptible to the user of the content
• Detectable by machines
• Difficult or impossible to remove.

Is it possible to meet these three criteria simultaneously? We find ourselves asking this question because the criteria seem to be in conflict with one another. For example, it must be possible to add to digital content a mark that is an imperceptible mark, yet it also must not be possible to subtract out that mark imperceptibly. Similarly, it must be relatively easy and cheap for any player to find a watermark; but it must be impossible for anyone to find (and then presumably remove) the watermark.

Watermarking also appears to conflict with popular data compression methods such as MPEG-4 and MP3.* These methods reduce the size of a content file, and thus allow that file to be stored more compactly or transmitted more quickly, by discarding any aspect of the content that human eyes cannot see (or that human ears cannot hear), and that therefore is unnecessary to one's enjoyment of the content. This poses a problem for watermarks, as an imperceptible watermark consists of exactly the kind of information that such a compression method is trying to remove.

If compression methods are imperfect, as today's are, 
then watermarks can be "hidden in the margins" by 
building them out of imperceptible elements that the 
compression methods do not yet know how to 
remove. But as compression methods get better, these 
"margins" will shrink, and it will become harder and 
harder to create imperceptible watermarks that are 
persistent in the face of compression. 

As we have no solid evidence that watermarking is possible, and we have reason to doubt whether the requirements for a watermarking scheme can be met, we have every reason to doubt that a successful watermarking method will be discovered anytime soon. These general reasons for skepticism are supported by the history of watermarking research, which has repeatedly shown the weakness of proposed watermarks.
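The "hidden in the margins" argument above can be checked with a small persistence test. The following is an added illustration, not part of the original paper and not any vendor's watermark: it assumes a toy mark written into one bit plane of integer samples and a toy lossy coder that simply discards low-order bits, and the key, signal and function names are all constructed for the example.

```python
"""Toy bit-plane watermark versus a toy lossy coder (constructed example)."""
import hashlib

KEY = b"constructed-demo-key"
# Constructed 256-sample "recording"; the values are arbitrary, not real audio.
SIGNAL = [(i * 37 + 11) % 4096 + 1000 for i in range(256)]


def pattern(key):
    """256 pseudo-random mark bits derived from the key."""
    digest = hashlib.sha256(key).digest()
    return [(byte >> j) & 1 for byte in digest for j in range(8)]


def embed(samples, key, plane):
    """Overwrite bit `plane` of every sample with the mark.

    Plane 0 changes a sample by at most 1 (least perceptible);
    plane p changes it by up to 2**p (more perceptible).
    """
    bits = pattern(key)
    mask = 1 << plane
    return [(s & ~mask) | (bits[i % 256] << plane)
            for i, s in enumerate(samples)]


def match(samples, key, plane):
    """Fraction of samples whose bit `plane` agrees with the mark."""
    bits = pattern(key)
    hits = sum(((s >> plane) & 1) == bits[i % 256]
               for i, s in enumerate(samples))
    return hits / len(samples)


def detect(samples, key, plane, threshold=0.9):
    """Machine detection: the mark counts as present above the threshold."""
    return match(samples, key, plane) >= threshold


def requantize(samples, drop_bits):
    """Stand-in for lossy compression: discard the lowest `drop_bits` bits,
    that is, the detail the coder treats as imperceptible."""
    return [(s >> drop_bits) << drop_bits for s in samples]


def max_distortion(original, marked):
    """Largest change the mark makes to any one sample."""
    return max(abs(a - b) for a, b in zip(original, marked))


def survival_table(planes, drops):
    """Does a mark in plane p survive a coder that drops d bits?"""
    return {(p, d): detect(requantize(embed(SIGNAL, KEY, p), d), KEY, p)
            for p in planes for d in drops}


def cost_of_persistence(drops, max_plane=12):
    """For each coder strength, the quietest plane that still survives and
    the distortion that plane costs. As the coder discards more, the mark
    has to move into louder planes: the shrinking "margin"."""
    result = {}
    for d in drops:
        for p in range(max_plane + 1):
            marked = embed(SIGNAL, KEY, p)
            if detect(requantize(marked, d), KEY, p):
                result[d] = (p, max_distortion(SIGNAL, marked))
                break
    return result


if __name__ == "__main__":
    for d, (p, cost) in cost_of_persistence([0, 3, 6]).items():
        print(f"coder drops {d} bits -> quietest surviving plane {p}, "
              f"distortion up to {cost}")
```

In this toy model a mark survives only when it sits in a bit the coder keeps, so each improvement in the coder raises the distortion a persistent mark must introduce.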


* MPEG stands for "Moving Pictures Experts Group," which is the name of a family of standards used for coding audio-visual information (e.g., movies, video, music) in a digital compressed format. MPEG-4 is one of the more recent standards of audiovisual content compression, and is more efficient than earlier standards, such as MPEG-1. MP3 is the term for the audio layer of the MPEG-1 standard, and is the part of the MPEG-1 standard that is used for encoding soundtracks. More recently, it has become the most common format for digital music that is traded or distributed online.




The "fingerprinting" approach

A fingerprint is a type of mark that is not added to the content, but is extracted from the preexisting characteristics of the content. For example, if the content is a recorded song, then the fingerprint may be derived from the song’s tempo, its rhythms, the length of its verses or movements, the mix of instruments used, and/or other features.

To be effective, a fingerprinting method must be:

• Unique or At Least Precise: Two pieces of content that look or sound different to a person should almost always have different fingerprints.

• Difficult or Impossible to Remove: It must be difficult or impossible for an unauthorized party to alter the content in a way that changes its fingerprint, except by unacceptably damaging the perceptual quality of the content.

To be successful, a fingerprinting method must meet both of these requirements. A number of companies offer fingerprinting technologies that claim to satisfy these requirements, but none of these claims has undergone independent scientific scrutiny. As a technical matter, it has not been independently established whether it is even possible to meet both requirements simultaneously.

Since the fingerprint is derived from the preexisting content, it cannot be used to store information about the content, such as an enumeration of authorized uses. (By way of analogy, your actual fingerprints may be unique to you, and may serve to identify you, while telling us nothing at all about your legal status.) Instead, the fingerprint acts as a unique identifier for each piece of content, and this identifier can be used to access an external database containing information about each piece of content. Assuming that such a database could be built, a fingerprint could serve roughly the same function as a watermark.


Can "Fingerprinting" Work?

As stated above, a fingerprint is a "mark" that is extracted from the preexisting characteristics of the content. For example, if the content is a recorded song, then the fingerprint may be derived from the song's tempo, its rhythms, the length of its verses or movements, the mix of instruments used, and similar features.

To be effective, a fingerprinting method must be:

• Unique or At Least Precise
• Difficult or Impossible to Remove

As is the case with digital watermarks, it is not established whether it is even possible to meet these two criteria simultaneously.

Unlike a watermark, which can carry instructions about how content is to be treated, a fingerprint carries no descriptive data about the content but can only serve as a unique identifier for a particular content file. Information about the copyright status and permissions associated with the content cannot be stored in the fingerprint, but must be obtained from a database somewhere. It follows that in a DRM system based on fingerprinting, every player must be connected to the Internet (or some similar system) so that it can contact the database to check the status of each content file before playing that file. This fact rules out the use of fingerprinting in many DRM scenarios.

There has been no generally recognized public scientific research on the question of whether a fingerprinting method can be both precise and persistent. This is not to say that there may be no use for fingerprinting. As it happens, fingerprinting has uses other than DRM, and the evidence indicates that it has promise for those other uses. The key unanswered question is whether a fingerprint can be persistent - whether an attacker can find a way to modify the content so that the fingerprint changes, without damaging the perceptual quality of the content. In the absence of evidence suggesting that fingerprints are persistent, it is appropriate for us to be skeptical about them.

A Deeper Understanding of the "Persistence" Requirement

To be persistent, a watermark or fingerprint must be able to survive any of the digital transformations that a would-be infringer might attempt to perform on the digital content. A wide range of such transformations exists.

These include (but are not limited to):

• Playing the content, then using a recording device such as a microphone or a camera to recapture the played content,

• Compressing the content using a method such as MP3 that makes some modifications in the content in order to facilitate compression,

• Adding certain kinds of random noise to the content, and

• Altering the content by making subtle changes in the tempo, timing, pitch, or coloration of the content.

Many of these changes are often made for legitimate reasons, and there are many useful (and lawful) signal-processing and image-processing tools that allow an even broader range of possible transformations. Experts agree that devising a mark or label capable of surviving the full range of these transformations is much more difficult than a non-expert might initially expect.

How "Marking" Functions in a Copy-Protection Scheme

By itself, no mark can function as a copy-protection scheme. Instead, a mark is a building block that is used in designing a copy-protection scheme. Though the details of such schemes differ, they share certain important characteristics.

First, marking schemes rely on widespread marking of copyrighted content, since they cannot hope to protect content that is not marked. If a “simple marking” or “watermarking” approach is being used, then of course there is no way to mark content that was distributed before the copy protection scheme was adopted. Unmarked unauthorized copies of content could continue to be copied on the Internet and elsewhere, and could continue to be experienced and manipulated by users, so long as players and other devices that inspect content for marks, but do not find them, continue to be capable of playing or processing unmarked content. This is why some critics of marking-based schemes argue that the only way for marking-based schemes to work is if players and other devices read and play only marked content, and refuse to read or play unmarked content.

Second, marking schemes rely on all devices that read the content to check for the mark and, if the mark is found, to obey any corresponding restrictions on use of the content. Of course, devices that were sold before the copy-protection scheme was adopted will not be able to satisfy this requirement. This gives rise to what may be characterized as “the backward-compatibility problem,” which may undermine attempts to implement industry-wide copy protection schemes.

The Backward-Compatibility Problem

When a new copy protection scheme is launched, it generally isn’t implemented in pre-existing devices. For example, a new scheme for copy protecting recorded music generally will not be supported by existing CD players. This fact poses serious problems for the advocates of copy protection. There are three ways for proponents or implementers of this scheme to deal with this backward compatibility problem, but all three have serious costs and other flaws.

The first approach is to ignore the problem. This makes the owners of existing devices happy, but the existing devices become a loophole in the system, a loophole that is widely available to would-be infringers. This approach is precisely what is asked for by proponents of the broadcast-flag approach to DRM for digital television broadcasts — existing digital television receivers will continue to function regardless of the presence of the broadcast-flag bit, which means they can be used to sidestep attempts to limit copying of television programs.

The second approach is to require all consumers to upgrade immediately to new players that support the new copy protection scheme. This seems likely to anger consumers, and understandably so, as they would be forced to throw away perfectly good equipment and replace it with expensive new equipment. It is hard to imagine such an approach being viable for established media such as television, movies, or music.

The third approach is to accept the existing-equipment loophole for existing content, but to release new content in a fashion that allows it to be played only on new players. This is essentially a slow-motion version of the preceding approach. Consumers would be forced to choose either to buy an expensive (and perhaps redundant) new player, or to forgo all new content. This approach too seems likely to provoke a high level of consumer anger and expense, albeit perhaps less than the backlash that might be triggered by an abrupt cut-off of existing home-entertainment equipment.

There seems to be no clearly unproblematic way to address the backward compatibility problem, except in cases where a truly new medium (rather than a new format or new distribution method for an existing medium) is being created. The advent of DVD movies was an instance of a new media format that gave moviemakers and DVD player builders an opportunity to build in a type of DRM. But such helpful transitions to new media, new media formats, and new technologies are not predictable as a general rule.

Moreover, waiting for a new medium or media format is no help for those who hold copyrights in existing media such as music and movies, and who may be heavily invested in business models based on media formats such as CD audio recordings and DVD video. It has been argued that improvements in older media forms — e.g., high-definition television — may be compelling enough to ease the consumer transition to new players and other devices, but it has yet to be seen whether these claims for HDTV will be borne out in the marketplace. Historically, changes or improvements that provide opportunities for new protection schemes have come about because of market demand rather than government mandate. In the HDTV context, however, the transition to digital television has largely been driven by the government.

A Closer Look at the Broadcast-Flag Scheme

Because digital television, including HDTV, is commonly (if incorrectly) perceived to be more easily copied and transmitted over networks like the Internet, there has been a push by content companies to protect over-the-air broadcasting with a marking scheme called, generally, “the broadcast flag” scheme or sometimes just “the broadcast flag.” (“The broadcast flag” is actually the term for the mark that is used in the scheme.) A version of that scheme was adopted by the Federal Communications Commission in November 2003. The goal of a broadcast flag scheme is to label the digital broadcast content, then somehow ensure that it cannot be captured at all, or that if it can be captured (e.g., by consumer personal video recorders like TiVo or ReplayTV) it cannot be duplicated without limit or redistributed to the Internet.

The broadcast-flag scheme is a hybrid copy protection scheme that uses different methods to protect the content at different points in the distribution chain. In the first stage of distribution, the content is broadcast over the airwaves in digital form but is otherwise “in the clear” (unencrypted, unscrambled). In this stage, a broadcast flag is invisibly attached to each field or frame of digital television content. The broadcast flag, when present, denotes the copyright owner’s statement that the recipient is not authorized to redistribute the content.

To state the flag scheme in somewhat oversimplified form, the proposal requires that when a device containing a “demodulator” (e.g., a set-top box that receives a signal from an antenna or from a cable-TV feed) has received the content, the demodulator must check for the existence of the broadcast flag, and if the broadcast flag is present, the decoder may not pass on the content to another downstream device (such as a television, a video recorder, or a computer) unless the device containing the demodulator first re-encodes the content using some other copy-protection technology, or else passes it through “robust” (user-inaccessible) channels to another device that can be relied upon to do the re-encoding.

If the decoder does re-protect the content, it must do so using one of the approved copy protection technologies that are listed in “Table A” of the broadcast-flag framework.

The scheme additionally requires that if a downstream device is capable of understanding content that is encoded using one of the Table A technologies, then that downstream device must itself implement that Table A technology.
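The receiver-side logic described above, including the case where the flag is not in every packet and packets must be held “in detention,” can be sketched as follows. This is an added illustration, not part of the original paper and not the logic of any real receiver: the packet layout, the `window` parameter and the Table A entries `TECH_A` and `TECH_B` are constructed placeholders, since the paper does not list them.

```python
"""Toy model of a broadcast-flag gate in a demodulator device (constructed)."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Placeholder names: the paper refers to "Table A" without listing its entries.
TABLE_A = ("TECH_A", "TECH_B")


@dataclass(frozen=True)
class Packet:
    seq: int          # where the packet fits in the overall sequence
    flag: bool        # broadcast-flag bit carried in the header
    payload: bytes    # the slice of video


class DemodulatorGate:
    """Holds packets in detention until the stream's flag status is known.

    window:     number of flag-less packets examined before the stream is
                treated as unflagged (hypothetical parameter).
    downstream: technologies the attached downstream device implements.
    """

    def __init__(self, window: int, downstream: Sequence[str]):
        if window < 1:
            raise ValueError("window must be at least 1")
        self.window = window
        # Only approved (Table A) technologies count, whatever the device offers.
        self.tech: Optional[str] = next(
            (t for t in TABLE_A if t in downstream), None)
        self.detained: List[Packet] = []
        self.flagged: Optional[bool] = None   # None = not yet determined

    def _route(self, pkt: Packet) -> Tuple[str, int]:
        if not self.flagged:
            return ("clear", pkt.seq)               # unmarked: pass on as-is
        if self.tech is None:
            return ("blocked", pkt.seq)             # flagged, no approved output
        return ("protected:" + self.tech, pkt.seq)  # re-encode before output

    def feed(self, pkt: Packet) -> List[Tuple[str, int]]:
        """Accept one packet; return the (route, seq) pairs it releases."""
        if self.flagged is None:
            self.detained.append(pkt)
            if pkt.flag:
                self.flagged = True
            elif len(self.detained) >= self.window:
                self.flagged = False
            else:
                return []                           # undetermined: keep holding
            released, self.detained = self.detained, []
            return [self._route(p) for p in released]
        if pkt.flag and not self.flagged:
            # Flag seen after the window closed: earlier packets already left
            # in the clear, so only this and later packets are restricted.
            self.flagged = True
        return [self._route(pkt)]


def make_stream(n: int, flagged_at) -> List[Packet]:
    """Constructed sample stream; `flagged_at` lists the seqs carrying the flag."""
    return [Packet(i, i in flagged_at, b"video-%d" % i) for i in range(n)]


def run(stream, window: int, downstream) -> List[Tuple[str, int]]:
    """Feed a whole stream through a fresh gate and collect what is released.
    Packets still in detention when the stream ends are never released."""
    gate = DemodulatorGate(window, downstream)
    out: List[Tuple[str, int]] = []
    for pkt in stream:
        out.extend(gate.feed(pkt))
    return out


if __name__ == "__main__":
    print(run(make_stream(5, {2}), window=4, downstream=("TECH_B",)))
    print(run(make_stream(5, {3}), window=2, downstream=("TECH_A",)))
```

The second call shows the design caveat in the detention step: a window shorter than the spacing of flagged packets releases the opening packets unprotected.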

Given the relative simplicity of the broadcast flag itself, the mandates relating to other technologies are in fact the main effect of the broadcast-flag approach. In this sense, the broadcast-flag scheme can be considered primarily to be a meta-standard whose purpose is to mandate the use of other standards. Thus, to analyze the real effect of the broadcast-flag scheme we must consider the effect of mandating all of these other technologies. A full assessment of that effect is beyond the scope of this paper, but we may be sure that costs associated with a broadcast-flag mandate spread out far beyond the costs of building flag-detectors into TV-receiver hardware.

A Case Study of Watermarking: The Secure Digital Music Initiative

One example of the problems inherent in attempting to develop a standard watermarking technology for content can be found in the experience of the Secure Digital Music Initiative (SDMI), a consortium of companies from the music, consumer electronics, and software industries. SDMI sought to design a marking-based DRM system for recorded music. After choosing a set of proposed DRM technologies, including four watermarking methods, SDMI announced a public challenge, inviting the public to try to defeat the proposed technologies.

A team of researchers from Princeton University and Rice University studied the four watermarking methods, and was able to defeat all of them - that is, to remove each watermark without unacceptably damaging the audio quality of the content - in less than three weeks of work. During this time the researchers had access to less information than a real would-be copyright infringer would have had.

The researchers were able to defeat each SDMI watermark technology by first pinning down the nature of the watermark and where in the content it was hidden, and then by devising a modification to the content that would target the watermark's location and thereby either remove or mask the watermark. As an example, in one of the SDMI technologies, the watermark consisted of a small amount of noise added within a certain narrow range of musical tones. Having identified this range of tones, the researchers found it easy to isolate and suppress this noise, thus defeating the watermark.

None of the SDMI watermarks required highly advanced technology to defeat. The Princeton and Rice researchers concluded that current watermarking technology can be defeated by an attacker of even moderate technical sophistication. Although we cannot rule out the possibility that a major advance in watermarking technology will occur, history suggests that any purported advance would have to be subjected to substantial public scrutiny and testing before it could be deemed reliable.

Watermarking, like other labeling approaches to content protection, requires device-makers to redesign their products.


To understand why this is so, we need to focus on the two main lessons to be drawn from our examination of the broadcast-flag proposal. First, consider the ever-expanding nature of the broadcast-flag technology mandate. We start with a simple broadcast-flag label on digital television broadcasts. To protect the effectiveness of this, we need a mandate on all demodulator-containing devices. But this is pointless unless we impose additional mandates on all of the devices that might be “downstream” from the demodulator. Because there are so many types of downstream devices, we must incorporate by reference a set of other copy-protection technologies. What started out as a “simple” broadcast flag scheme ends up including a range of copy-protection technologies, and what started out applying only to digital television demodulators must, to have any hope of even being effective at all, end up applying to virtually all digital video equipment, personal computers, and personal-computer software.
This expanding-mandate phenomenon is to be expected with “marking” approaches generally. Any technology mandate covers a limited set of devices and situations, and the devices at the edge of this coverage tend to become loopholes through which the content can escape. The natural response is to widen the coverage area to address the loopholes - but this tends only to move the boundary rather than eliminating it.

Arguably, then, the only mandate that might claim to be truly effective is one that expands to reach the entire universe of digital devices—in effect, it requires a massive universal redesign of digital technologies that might be used to capture, copy, and redistribute content labeled by the “broadcast flag.” Efforts to “cabin” the effect of the broadcast-flag scheme by limiting it to certain classes of digital devices (digital TV receivers, set-top boxes, and personal video recorders, for example) may limit the extent to which IT companies and others must comply with such mandates, but at the price of increasing the risk that the marking scheme will be sidestepped, either by current or future digital tools that aren’t covered by the scheme. This development would render a “cabined” mandate and related expenses a relatively useless and costly exercise.


The Risk of Premature Deployment of a Watermark-Based Scheme

As discussed supra, watermarking remains an unsolved area of scientific research and debate, with many fundamental open problems. No completely satisfactory watermarking techniques have yet been developed for the audio, video, or text domains, nor is it certain that a sufficiently secure, robust and invisible marking technology could be developed in the foreseeable future. It would be very risky, at present, to deploy systems (or to base regulatory structures) that depend for their security or viability on the highly speculative assumption that a practical watermarking scheme will be able to be developed. Should an adequate watermarking technique be invented, however, it would likely play a role in several aspects of copy protection and enforcement.

At least two applications of digital watermarking technology relate to DRM. The first is content labeling, in which the content owner aims to identify protected material and specify permissible uses and copying restrictions. The second is serialization, which aims to mark material with a unique serial number or message that identifies the authorized end user and thereby provide evidence of the source of illegal copying.

Neither content labeling nor serialization is sufficient by itself to prevent illegal copying, however. Both approaches require that various parts of the content distribution process be “trusted” and secured against unauthorized access. It is theoretically possible that a practical system might be based on either, or both, approaches, but such a practical system would impose certain requirements on device-makers and other industries that enable the playback of digital content.

Systems based exclusively on content labeling require that all devices that use restricted material will read the label and refuse to act in a manner that is contrary to the restrictions encoded in the label. Furthermore, each system component must contain all the necessary keys to access the protected content. In addition, the required trusted system components include essentially any end-user equipment that must process labeled content. This last requirement is an ambitious one, since it would, for audio and video, include the entire range of consumer electronic devices, potentially including general-purpose computers.

Systems based exclusively on serialization, on the 
other hand, do not place any special requirements 
on end-user devices, since they would depend for 
their security on the fact that the perpetrators of 
illegal copying risk exposure by having their iden¬ 
tity encoded in every copy they produce. However, 
such a system still entails considerable security 
infrastructure, with significant costs and risks. In a 
serialization scheme, the entire distribution chain, 
up to the point at which material is seriabzed, must 
be secure against unauthorized use; a single unau¬ 
thorized, rm-seriabzed copy has the potential to 
compromise the entire system. Furthermore, any 
effective seriabzation scheme requires that con¬ 
sumers be positively identified at the point of sale 
and associated with their seriabzed copy, a difficult 
administrative task at best, and one with serious 
privacy implications.^^ 

Hybrid schemes may also be possible. For exam¬ 
ple, a system could employ both labeling and seriali¬ 
zation (in which case both the distribution channel 
and the end-user devices must be secured). It might 
also be possible to perform part of a user-seriabza- 
tion process in the end-user devices, although that 
would stiU require a trusted distribution channel as 
web as trusted end-user hardware. The recent devel¬ 
opments in “trusted computing” championed by 
Intel and by Microsoft may facilitate such a trusted 
distribution channel. But since “trusted computing” 
depends primarily on encryption and on the cre¬ 
ation of secure environments within computing 
platforms, a marking scheme may be superfluous in 
a true trusted-computing environment. 

Outside the trusted-computing context, systems
based on watermarking, whether for labeling or
for serialization, are often quite vulnerable to single
points of failure. In particular, currently proposed
“watermarking” systems all have the
property that anyone with enough information to
read a watermark can easily derive the information
needed to remove it. In the case of labeling systems,
this means that if any user device is compromised
and the watermarking parameters
discovered, not only can that user device make
unlimited copies, but also labels can be removed
or altered from content to be played on unmodified
devices. In the case of serialization schemes,
this means that if a single user is prosecuted in
open court, the very same evidence that identifies
and convicts him will provide a primer for future
illicit copiers to escape detection.
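
The read/remove symmetry described above can be seen in a toy keyed least-significant-bit mark. This is an added illustration, not code from this primer or from any deployed watermarking system; the scheme, the key, and the sample data are all constructed for the example.

```python
import hashlib
import random


def mark_positions(key, n_samples, n_bits):
    """Indices of the samples that carry the mark, derived only from the key."""
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    return random.Random(seed).sample(range(n_samples), n_bits)


def embed(samples, key, bits):
    """Write `bits` into the least-significant bit of the keyed positions."""
    out = list(samples)
    for pos, bit in zip(mark_positions(key, len(out), len(bits)), bits):
        out[pos] = (out[pos] & ~1) | bit
    return out


def read(samples, key, n_bits):
    """What every compliant player, or a forensic examiner, must be able to do."""
    return [samples[pos] & 1 for pos in mark_positions(key, len(samples), n_bits)]


def changed(a, b):
    """Number of samples that differ between two copies."""
    return sum(1 for x, y in zip(a, b) if x != y)


# Constructed inputs: 2000 8-bit "samples", a 16-bit label or serial number,
# and the parameters a detector needs in order to read the mark.
SAMPLES = [(i * 37 + 11) % 256 for i in range(2000)]
DETECTOR_KEY = b"constructed-detector-key"
SERIAL = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]


def demo():
    marked = embed(SAMPLES, DETECTOR_KEY, SERIAL)

    # read() takes (key, mark length). Those are exactly the inputs embed()
    # takes, so in this design any party able to read the mark is able to
    # write a different one over it.
    relabelled = embed(marked, DETECTOR_KEY, [0] * len(SERIAL))

    return {
        "read_ok": read(marked, DETECTOR_KEY, len(SERIAL)) == SERIAL,
        "after_relabel": read(relabelled, DETECTOR_KEY, len(SERIAL)),
        # Only the marked positions whose bit was 1 had to change.
        "samples_touched": changed(marked, relabelled),
        "total_samples": len(SAMPLES),
    }


if __name__ == "__main__":
    print(demo())
```

In this toy design the detector key is as sensitive as the embedder key, which is why placing it in every consumer device, or in a court record, is a single point of failure for the whole scheme.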

C. Other Approaches 

Faced with the difficulties associated with each of
the major types of copy protection discussed above,
content owners have begun to explore other
options. Among them are selective incompatibility
and DRM hybrids.

Selective incompatibility is an approach we’ve
already seen in the marketplace for music CDs.
Here the notion has been that a music CD manufacturer
will add deliberate “errors” into encoding
of music content on CDs, with the result that the
CDs will be readable by some CD players (typically
consumer-electronics single-purpose devices)
and not by others (typically computer CD drives).
Music companies’ initial efforts in this direction
suggest that this approach is not a particularly
viable one (one protection scheme for CDs could
be defeated by using a felt-tip marker to cover up
the “errors” around the edge of the CD), and in
the long term the risk of too many “false positives”
(CDs that are judged to be illicit copies by protected
players) and “false negatives” (CDs that are
judged to be unprotected when in fact the manufacturer
meant for it to be judged as protected) is
significant with the selective-incompatibility
approach. Moreover, both device makers and consumers
are likely to react negatively to CDs that do
not reliably play on the platforms that consumers
customarily use. (This negative reaction can no
doubt be diminished by clearly marking such CDs
as protected in this manner, but this may also result
in diminished sales, at least in some markets.) The
issue of selective incompatibility may also arise in
the near-term with the deployment of DVD-movie
products in “higher-definition” or other “higher-quality”
formats that cannot be read by existing
DVD players.

An example of a DRM Hybrid includes some
variants of the broadcast-flag approach for protecting
television content, combined with some use of
encryption. Under the “hybrid” version of the
scheme, the first step is, as with the broadcast-flag
scheme generally, to insert the “broadcast flag”
into the digital-television signal. If that signal is not
itself encrypted, there are no technical barriers to
removal of this flag.

For this reason, the DRM Hybrid version of the
broadcast-flag scheme would require a legal or
regulatory mandate that receivers check for the
broadcast flag, and apply an approved DRM
method (such as encryption or “tethering” the
received content to a particular home entertainment
system or user) to the content if it is marked
with the flag.

The DRM Hybrid version of the broadcast flag 
approach illustrates a problem with marking systems 
generally — whether one is using a “pure” marking 
scheme or a DRM hybrid version of the scheme, 
there is a general requirement that the scheme be 
buttressed by government regulation of some sort. 
This brings us to our next policy question. 





III. Should DRM Be Imposed 
By the Government? 


No treatment of the copy-protection- 
mandate issue (which hereafter we’ll 
refer to as “technology mandates” or 
simply “mandates”) can proceed without 
recognizing that a confluence of several 
factors has brought copyright issues to 
the center of the public-policy arena. 
Although not quite commanding the 
same attention as, say, counterterrorism 
measures or foreign-policy concerns, 
copyright issues have risen to the top of 
the discussion of broadband-internet 
policy and digital-television policy in 
addition to commanding attention on 
their own. 

The reason for this increasingly evident
intersection of copyright policy
and technology policy lies in the fundamental
nature of the personal computer
itself. Computers are designed to copy
and manipulate data with ease and with
accuracy (e.g., from hard disk to RAM,
or from your e-mail program to a
friend’s). This copying is part of the
essential functionality of computers. For
this reason, the increasing ubiquity of
powerful but inexpensive general-purpose
computers poses a particular challenge
for copyright holders whose
interests lie in digital works.

A Brief History of 
Software Copy Protection 

For some copyright holders, this challenge
has long been apparent. Software
makers in the 1970s and 1980s were
fully aware that computers could be
used to make unlicensed copies of their
products. Many and perhaps most software
makers attempted to use various
“copy protection” technologies to prevent
users from making copies of commercial
software; these efforts were less
than completely successful in large part
because general-purpose computers
could be programmed to edit or alter
the very copy-protection measure that
was designed to prevent copying. As a
result of this aspect of the nature of
computers, and in response to the
inconvenience of copy-protection
schemes of the period, an aftermarket in
utility programs that enabled the defeat of such
measures quickly appeared—for several years there
was an ongoing “arms race” between commercial
software vendors, who developed ever more powerful
and arcane copy-protection strategies, and the
makers of copy-protection-defeating utilities. Generally
speaking, however, digital information is
inherently copyable and inherently alterable, which
poses special problems for the copyright holder
who seeks to prevent his or her digital work from
being copied or altered.

In the same period, the general-purpose nature
of personal computers was what created the greatest
number of business opportunities for software
makers. Because the leading personal computers at
the beginning of the microcomputer revolution
— most notably the Apple II (1978) and the IBM PC
(1981) — were designed to be “open platforms,”
this meant that third-party software vendors were
able to freely develop new applications for those
platforms. (One of those vendors, Microsoft, has been
so successful at this that its revenues currently exceed
those of any single computer maker.) At the same time,
efforts to meet consumer needs by promoting dedicated
word processors and other dedicated digital tools
failed in the marketplace, with the notable exception
of game consoles. In general, when it comes
to computing, the public prefers general-purpose,
unconstrained, “open-platform” tools to special-purpose,
limited ones. We may reasonably infer,
therefore, that any government mandate that
focuses on limiting the functionality of general-purpose
computing tools may have the unintended
effect of diminishing the market for the resulting
products. A mandate might also prime an aftermarket
for pre-mandate “open architecture”
devices, perhaps via auction websites such as eBay.


In the 1980s, computer- 
industry companies moved 
away from the more rigid 
and restrictive types of 
DRM. 


The Advantages of Selling 
Software Rather Than Content 

Software makers in the 1970s and 1980s had certain
advantages when attempting to block software
copyright infringement. The first and most
important advantage was the fact that most commercial
software that is capable of performing
complex tasks requires a significant degree of documentation
and support; bona-fide purchasers of
software were able to receive such benefits,
whereas those who made unlicensed copies typically
had to do without. This led to another aftermarket,
this one in third-party manuals and
workbooks for commercial software products.
That aftermarket continues to this day, somewhat
to the chagrin of software vendors. Nevertheless,
software makers have generally abandoned the
harsher varieties of copy-protection schemes to
prevent unauthorized software copying, largely
because of negative consumer response. A fundamental
principle of the personal-computer business
— the principle of High Volume/Low Cost
— drove vendors away from the more rigid and
restrictive types of copy protection; the vendors
manage the problem of “leakage” partly by seeking
legal remedies against the more egregious
infringers, partly by making software more affordable
and thus easier to acquire legally, and partly
by employing measures such as registration
schemes that make illicit copying somewhat more
difficult for ordinary users.

But the other advantages for software makers
were also considerable: modem speeds were comparatively
slow, computer storage was comparatively
expensive, and relatively few consumers had
access to the Internet. All of these advantages evaporated
in the late 1980s, in the 1990s, and in the
current era, as modem speeds increased by orders
of magnitude, computer storage became increasingly
cheap, and access to the Internet became
ubiquitous. Indeed, current telephone modems,
fast as they are, are likely to be supplanted by high-speed
broadband connections to the Internet,
which are becoming increasingly available to most
businesses and homes in America.

These factors compounded the problems of digital
copyright holders in a number of ways. First of
all, just as the “open platform” of the general-purpose
computer was designed to make the copying
of digital information easy and reliable, the “open
platform” of the Internet was designed to make the
copying of bits over long distances reliable. In
addition, the Internet makes it possible for individual
computer users to copy works to a multiplicity
of recipients—to effectively “broadcast” unlicensed
copies of copyrighted works.

Secondly, greater computer capacity, advances in
compression technology, and greater bandwidth
have made it possible to copy significant numbers
of copyrighted works (most notably, songs in the
form of MP3 files) and copyrighted works of significant
size (e.g., television shows and feature
films). Third, digital copyrighted content, unlike
copyrighted software, does not typically require
documentation or support to be used.

How The Content Producers 
Have Responded 

As we have seen, in the computer era one approach
of content owners has been to enclose or protect
digital copyrighted works with what we once called
“copy-protection technologies” but which are
now commonly referred to as Digital Rights Management
technologies or “DRM.” These technologies
are commonly (but not always) based on
encryption. The use of encryption-based copy-protection
technologies has been the foremost of the
two major approaches to preventing the unauthorized
copying of copyrighted works in the digital
world. The other approach — the reliance on government
regulations (often called “technology
mandates”) to constrain the capabilities of consumer
technologies — has been much less widespread,
although this may be changing.

The Digital Millennium Copyright Act
(DMCA), enacted in 1998, reflects the content
companies’ assumption at the time that they would
rely primarily on DRM technologies to protect their
copyrighted works in the digital age. Most of the
broad prohibitions of the DMCA are aimed at preventing
circumvention of these technologies,
which, once again, are usually based on encryption.
At the same time, the DMCA expressly codified a
technological mandate concerning videocassette
recorders, but also expressly sidestepped the issue
of technology mandates generally.

The DMCA’s provisions in 1998 were aimed at
making DRM approaches more secure by broadly
prohibiting circumvention (thus preventing the
kind of “arms race” between copy-protection
developers and copy-protection circumventers that
occurred in the 1980s in the software industry). At
the time, content-company advocates, as well as
advocates from the information-technology sectors,
believed that the DMCA was in itself a long-term
solution to the copyright-infringement problems
they feared. The DMCA, which did not provide
significant exceptions for circumvention or circumvention
tools — even when the underlying goal of
the circumventer or the toolmaker was a legal one
— was enough, they believed, to forestall the kind
of widespread infringement and unlicensed copying
to which the Internet might give rise.

Only a year later, however, peer-to-peer file-sharing
became a visible and well-publicized phenomenon
(most famously, through the use of Napster).
While particular peer-to-peer applications and services
may be hindered or neutralized through litigation,
the essentially decentralized nature of the
Internet, together with the ubiquity and increasing
cheapness of computers, has made it possible for
file-sharing, particularly of music, to continue.

Music companies have been particularly vulnerable
to file-sharing, for a number of reasons. First
and foremost, MP3 compression makes most song-files
remarkably compact, which makes them far
easier to transmit and receive, even over today’s
relatively limited consumer broadband networks.
Moreover, most music companies’ catalogs are
available on CD in unprotected formats. This is
because music companies, when adopting the CD
format for distribution of music, did not anticipate
the ubiquity and ease of use of “ripping” and
“burning” applications and technologies, nor did
they anticipate the quickness with which music
hobbyists would begin to share “ripped” music files
on the Internet via peer-to-peer mechanisms.

Movie and television studios and networks fear
that increasing adoption of broadband Internet services,
together with the migration of video content to
digital formats (such as HDTV) will result in the
same “Napsterization” of their offerings that the
music companies have endured. There is less justification
for their fears, at least in the short term. Partly
this is because the most common form of commercial
video distribution, other than television, is DVD
sales, and DVD content is scrambled to prevent easy
copying. Another factor that has slowed or even prevented
true “Napsterization” of television content
has been the sheer size of video files; in general, a
digital file created from an hour of standard television
is two or more orders of magnitude larger than
an MP3 file. (When the digital file is HDTV television,
the disparity in file sizes is even larger.)

Nevertheless, TV and movie offerings that are
distributed via broadcast and cable channels are
either unprotected (“in the clear”) or, if protected
by DRM, they are descrambled at the
player/receiver end (which they must be in order
to be viewed), whereupon they can be captured by
users through a variety of means. These users can
then digitize, alter, or disseminate the works to the
Internet and elsewhere. The fact that some users
do this (albeit after reducing significantly the resolution
and quality of the captured video content) is
adduced by movie and TV companies as evidence
that the threat to their business models posed by
peer-to-peer file sharing is either just around the
corner, or is already here.

Neither the issue of peer-to-peer file sharing nor
the increasing capability of computers to copy and
transmit content was fully foreseen by the drafters
of the DMCA. Specifically, these issues are not
addressed by the anti-circumvention provisions of
the DMCA (since they rarely if ever involve actual
circumvention of copy-protection technology) and
only tangentially addressed by the Notice-and-Takedown
provisions of the DMCA (since peer-to-peer
file sharing does not typically require the
use of an Internet Service Provider as a site for
making illicit content available). Of course, to the
extent that file sharing constitutes copyright
infringement, it is squarely addressed by the substantive
provisions of the Copyright Act, Title 17 of
the U.S. Code, but the prospect of having to file
thousands or even millions of infringement actions
against American citizens is a daunting one for even
the most assiduously protective content company.

As a result of the onset of peer-to-peer file sharing,
a number of content companies have increasingly
asserted that the solution to peer-to-peer
infringement lies in constraining what those tools
and mechanisms can do, through technological
measures in tandem with government mandates
(either regulatory or legislative or both). This perception
has been at the root of recent legislative
and regulatory initiatives that are designed to limit
or prevent peer-to-peer file sharing, but that may,
if enacted, have unintended consequences, including
a significant chilling effect on innovation.

That such measures may be worse than ineffective 
— that they may even be counterproductive — 
becomes apparent when we dig deeper into our 
analysis of what the real “threat” to content 
companies is. 

But before we discuss this threat model, we need
to consider one final aspect of the issue of government
mandates of DRM — that a government-imposed
technology mandate may actually
exacerbate rather than diminish infringement
problems. Consider that when it comes to “solving”
infringement problems DRM is aimed at a
moving target. As circumvention tools evolve, and
as new technologies pose new infringement problems,
the locking of industrial sectors into a particular
“standard” scheme, mediated and supervised
by government, actually slows the ability of the
content sector to respond to new problems. There
are fewer incentives to develop solutions that lie
outside the standard. And solutions that are developed
within the framework of an “open” yet
government-administered standard will take longer to
be approved and longer to find their way into market
offerings. While it is unclear that truly effective
long-term DRM solutions can be developed in the
digital environment, certainly they are less likely to
be developed if development is constrained both by
an increasingly outdated standard and by a
government-approval process.





IV. The "Threat Model" of Universal Infringement,
and the Potential Threats Posed By DRM


If there is anything that those of us who 
live in the age of the Internet, and who 
have access to the Internet, know for 
certain, it’s that our use of computers
and the Internet enables us to engage in the
broad sharing of any information. Since 
any content can, in principle, be broadly 
shared or disseminated over the Internet, 
it follows that the illegal distribution of 
copyrighted content is possible as well. 

In effect, the same aspects of computers 
and the Internet that empower us to be 
global publishers also empower us to be 
global copyright infringers. 

In a nutshell: content owners fear that
once an unprotected copy of a copyrighted
digital work becomes available,
it can and will be distributed universally
on the Internet, and its distribution will
destroy, or at least severely diminish, its
ability to generate revenue.

This fear often results in self-contradictory
statements from content companies
that seek, in various forums, legal or
regulatory mandates for copy protection.
On the one hand, such proposals are
defended as “speed bumps” that merely
“keep honest people honest” and that are
not meant to be unduly burdensome to
ordinary users of the content. On the
other, when objections to certain kinds
of mandates are raised, the advocates of
the mandate frequently invoke the
specter of the “one perfect copy” of the
content escaping the secure system and
then being distributed universally on the
Internet. Policy discussions of DRM frequently
oscillate between the advocacy
of limited (and therefore ineffective)
proposals and broad (and therefore less
politically palatable) proposals. Sometimes
the very same proposal may be
described at one point as “limited” and
at another point as “necessary to prevent
Internet distribution.” As a practical
matter, no “limited” proposal can prevent
Internet distribution of the copyrighted
work.

Of course, not all unauthorized distribution
of copyrighted content over the
Internet is necessarily infringement. For
example, we have built into our copyright-law
framework the important principle of
“fair use.” Without discussing “fair use” and other
exceptions to copyright protection in detail — a
project that all by itself would take an essay far
longer than this one — we can say generally that
the Framers of the Constitution and subsequent
interpreters of the Constitution’s Copyright Clause
and of the Copyright Act that springs from that
clause believed that some degree of unlicensed or
unauthorized use of another person’s content is
lawful. To the extent that such distribution is large
scale, however, and to the extent that this large-scale
distribution undermines the commercial value
of the work being distributed, it is more likely to
be found by a court to be infringement.

At bottom, peer-to-peer file sharing is a characteristic
of the Internet's fundamental design.

Theoretically, this notion of lawful though
unauthorized use of copyrighted works is well-established
and uncontroversial, and even the
content industries can be heard to say they agree
with the general principle that fair use is important.
In practice, however, there
is wide disagreement among stakeholders as to what
the contours of “fair use” or other lawful but unauthorized
uses might be. In the digital world, however,
it is theoretically possible for content owners
to use DRM to foreclose most or all unauthorized
uses of even parts of copyrighted works. This foreclosure
of uses does not merely affect our ability to
make unauthorized copies; it also affects our ability
to own a copy of a copyrighted work, since the
rights associated with ownership of a traditional
book or record album or movie may be significantly
reduced in a DRM-mediated environment. This
raises the question of whether the very existence
and use of DRM alters the balances of our system
of copyright in one direction, even as computers
and peer-to-peer file sharing may alter them in
another direction. If so, then we may face the
challenge of developing ways to ensure that DRM
does not skew the fundamental structure of rights
in copyright. The last part of this paper addresses
some choices we may make in that regard.


A. Can "Peer to Peer" Be Stopped 
On the Internet Itself? 

Foremost among the perceived threats faced by the
copyright industries in the digital age is peer-to-peer
file sharing, which arrived as a widespread
mass consumer phenomenon. Although peer-to-peer
file sharing is commonly regarded in the content
community as a new, and pernicious,
technological development, it actually derives from
the “architectural” design of the Internet itself. The
Internet was designed to be a simple, robust, reliable,
and (most important) decentralized computer-based
communications medium. Because the
“peer-to-peer” aspect of the Internet is central to its
design, it is difficult to imagine any “solution” to
peer-to-peer-based copyright infringement that
does not require, at minimum, a fundamental
redesign of the Internet.

At bottom, peer-to-peer file-sharing can be
understood simply as the use of multiple computers
connected to the Internet as both “servers”
(storing specified files that other computers can
retrieve) and as “clients” (able to retrieve specified
files from other computers that are storing them).
Because computers engaging in such reciprocal
file-sharing and retrieval are acting both as
“servers” and as “clients,” they are, in effect,
“peers”—hence the term “peer-to-peer.” It is generally
believed that peer-to-peer file-sharing has
greatly increased the volume of unlicensed copying,
although reliable statistics as to the actual
extent of such copying or as to the economic
impact of such copying are currently unavailable,
partly due to the problem with tracking such copying.
Moreover, although peer-to-peer applications
are perceived by many to be primarily tools of
copyright infringement, it is important to stress
that such applications have both infringing and
non-infringing uses.

What this all adds up to is that the aspect of the 
Internet that most bothers content companies is an 
aspect that is central to its design. In effect, it is 
exceedingly difficult to craft a law or regulation 
that categorically outlaws peer-to-peer file sharing 
without, in doing so, outlawing the Internet itself.




When Can You Copy a Copyrighted Work Without Permission? 

American copyright law, unlike most forms of DRM, expressly and deliberately allows for "fair use" of copyrighted 
works - that is, it allows for unauthorized uses of those works. The relevant section of the Copyright Act is Section 
107 of Title 17 of the United States Code, which reads in its entirety as follows: 

Sec. 107. - Limitations on exclusive rights: Fair use 

Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including 
such use by reproduction in copies or phonorecords or by any other means specified by that section, for 
purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom 
use), scholarship, or research, is not an infringement of copyright. In determining whether the use made 
of a work in any particular case is a fair use the factors to be considered shall include - 

(1) the purpose and character of the use, including whether such use is of a commercial nature or is for 
nonprofit educational purposes; 

(2) the nature of the copyrighted work; 

(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and 

(4) the effect of the use upon the potential market for or value of the copyrighted work. 

The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made upon
consideration of all the above factors.

By itself, this passage doesn't give hard-and-fast guidelines as to whether one's copying of copyrighted works qualifies
as fair use, but American courts have interpreted fair use over the years to allow for such things as quoting
copyrighted works in reviews or making a small number of complete copyrighted works for teaching purposes. One
of the more controversial dimensions of DRM is that DRM, by preventing any "quoting" at all, or by limiting
the numbers of copies that can be made (or eliminating copying altogether), may effectively eliminate fair use. It
also may have an impact on other elements of the balance of rights in the copyright act, such as the First Sale doctrine,
which allows the purchaser of a copy of a copyrighted work to resell that work to another, even without the
permission of the author or publisher.


This may be counterintuitive to you if you think
of peer-to-peer file-sharing as a relatively recent
phenomenon. One of the reasons peer-to-peer file-sharing
may seem to be a new phenomenon is that,
during the explosion of commercial activity on the
Internet in the 1990s, it was common to have
larger, more powerful computers function primarily
as servers, which then could be accessed by
personal computers and other devices that would
retrieve files as necessary. The term “web server”
in the mid-1990s typically denoted, or at least suggested,
the use of a larger, more powerful machine
to “serve” web content to users who were surfing
the Web with their personal computers.

As a factual matter, however, any computer capa¬ 
ble of connecting to the Internet in a manner that 
relies on the standard Internet Protocol (some¬ 
times referred to as “IP” or even redcmdantly as 
“the IP protocol”) can potentially act either as a 
server, or as a client, or as both. (Increasingly, con¬ 
sumer operating systems, from Windows to the 
Mac OS to GNU/Linux, include software designed 


25 




IV. The "Threat Model" of Universal Infringement, 
and the Potential Threats Posed By DRM 


Beneficial Uses of Peer-to-Peer File Sharing 

Although peer-to-peer file sharing is commonly demo¬ 
nized as being inherently a copyright-infringing tech¬ 
nology, it is well established that peer-to-peer 
technology has beneficial, socially constructive uses. 
Some examples include: 

Education: Peer-to-peer technology can facilitate 
delivery and sharing of class materials and collabora¬ 
tion on class projects. For example. Professor Robert 
Kirkpatrick of the University of North Carolina at 
Chapel Hill used Groove Network's peer-to-peer tools 
to manage a class in the composition of poetry. 
Among other things, Kirkpatrick used peer-to-peer 
technology to encourage collaborative editing and 
comment on students' work, adjust the syllabus, 
archive course materials, and create a list of links to 
resources of poetic forms and vast archives of com¬ 
plete works of poems and critical writing. The class 
also used the Groove tools for a class forum and an 
announcement board to share information on musi¬ 
cal, dramatic and other events on campus. 

Digital content delivery: Major content companies 
use peer-to-peer tools to distribute copyrighted con¬ 
tent to customers. For example, CenterSpan's secure 
peer-to-peer network provides music from Sony Music 
artists to a wide variety of online service providers 
seeking to offer their subscribers streaming and 
downloadable music. J !VE Media is the creator of a 
suite of digital video packaging, DRM and media 
delivery services that enables content providers to dis¬ 
tribute protected digital video content via publicly 
accessible peer-to-peer networks including the 
Gnutella Network (which includes LimeWire and Mor¬ 
pheus) and the Fastrack Network (which includes 


KaZaA and Crokster). Jive's customers include: 1) the 
Priority Records division of the EMI Recorded Music 
Croup; 2) Koch International, the world's third largest 
independent music label; and 3) The Comedy Net¬ 
work, Canada's 24 hour comedy cable channel. 

Public domain works: Project Gutenberg seeks to 
convert to e-book form, and widely distribute over the 
Internet, over 4500 works from the King James Bible 
to Shakespeare to the CIA World Fact Book. These 
works are either in the public domain or authorized 
by copyright owners for distribution. One of the chief 
hurdles facing Project Gutenberg and public domain 
projects like it has been the expense of hosting and 
distributing the resulting files. Today, these expenses 
are being reduced, and valuable public domain works 
are reaching more people, because these texts are 
being distributed over peer-to-peer networks 

Lawful music sharing. Peer-to-peer networks can be 
used to share music legally. The Furthur Network is a 
non-commercial, open source, public peer-to-peer file 
sharing network that allows music lovers to download 
and share live music. The music of the Grateful Dead, 
Allman Brothers Band, Dave Matthews Band and oth¬ 
ers who authorize the noncommercial taping and trad¬ 
ing of their live performances is shared on this network. 

Data coordination and collaboration. Peer-to-peer
technology is being used to provide up-to-the-minute
data and facilitate coordination of large-scale
projects. For example, humanitarian groups in Iraq
are using peer-to-peer tools to synchronize distribution
of aid to the Iraqi people. Because peer-to-peer
systems do not require a central server or centralized
coordination, they are well suited to environments
with little communications infrastructure.


These examples are taken from the "Statement of Gigi B. Sohn, President, Public Knowledge. 'Piracy of Intellectual
Property on Peer-to-Peer Networks'" Testimony before the House Judiciary Committee, Subcommittee on
Courts, the Internet and Intellectual Property. September 26, 2002. Available at
http://www.house.gov/judiciary/sohn092602.htm and the "Statement of Alan Davidson, Associate Director, the Center for Democracy and
Technology. 'Peer to Peer File Sharing and Security'" Testimony before the House Committee on Government
Reform, May 15, 2003. Available at http://www.cdt.org/testimony/030515davidson.pdf




to enable the use of the computer running the 
operating system as a Web server.) 

To understand how intertwined peer-to-peer file
sharing is with the Internet itself, it helps to consider
what the Internet actually is. One way to
understand the Internet is to say that the Internet
consists of special computers called “routers”
interconnected with fiber optic lines, cable and dialup
modems, and the like. General purpose “host”
computers, including your personal computer, connect
to the routers to use the Internet to communicate,
and in effect they become part of the
Internet as well.

The end-to-end design principle 
Routers are functionally similar to postal sorting
machines. But instead of sorting paper envelopes,
they handle small electronic “packets” of data from
and to the host computers. By design, routers provide
only a minimum set of services. All other processing
is done on an “end-to-end” basis by the
hosts. This “end-to-end principle” was and continues
to be extremely influential in the development
of the Internet. The principle serves two vital purposes:
it simplifies and reduces the cost of the
Internet infrastructure, and it facilitates the development
of new and innovative Internet applications
on the host computers.

This end-to-end architecture has a profound
effect on the viability of any mandated technological
copy-protection scheme implemented within
the Internet itself (i.e., in the routers), as opposed
to the host computers connected to it. Just as a
postal sorting machine looks only at the addresses
on the outsides of envelopes without opening
them, Internet routers only need look at the Internet
protocol “header” on each packet. The content
of each packet is wholly arbitrary, and is not necessarily
meaningful to anyone but the host to which
it is addressed. This is especially true when the
packet has been encrypted with a key possessed by
only the source and destination hosts. Several security
(encryption) protocols are already widely used
on the Internet, including SSL, SSH, TLS and
IPSEC.

Since end-to-end encryption can completely
hide the meaning of each packet, use of encryption
would make it completely impossible for Internet
routers to scan encrypted packets for “broadcast
flags” or any other copyright information so that
the transfer of such packets could be blocked.

Making things worse for would-be infringement
detectives, even when Internet Protocol (IP) communications
traffic is not encrypted, IP “sniffing”
(sampling of packets) is not particularly effective at
detecting infringement. A single IP packet can
carry only a limited amount of data (1500 characters
is the usual maximum) and it is both permitted
and fairly common for the different IP packets that
make up a transfer to follow different paths to their
destination. To determine by “sniffing” packets whether
content is being infringed would require the gathering,
buffering, and examination of whole files, or at
least large chunks of them, even if they were transmitted
“in the clear.”

What this discussion suggests is that any technology
mandate that requires core Internet components
(routers, transmission links, and so on) to
implement schemes to thwart the transfer of copyrighted
material is likely unworkable and easily
circumventable. This means that copy-protection
mandates, if they are to work at all, would require
mechanisms and measures to be implemented in
the Internet hosts.
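The two limits just described (a router forwards on the IP header alone, and a scanner that looks at packets one at a time or on one path misses content that an end host can still read) are shown below as an added example that is not part of the original primer. The marker string, the addresses, and the SHA-256 keystream standing in for SSL/TLS/SSH/IPSEC are all assumptions made for illustration; the transfer is constructed.

```python
import hashlib
import socket
import struct

MTU_PAYLOAD = 1480                # 1500-byte packet minus a 20-byte IPv4 header
MARKER = b"COPYRIGHT-FLAG:1"      # hypothetical in-band marker (constructed)
IP_HDR = "!BBHHHBBH4s4s"          # IPv4 header layout, no options


def build_packet(src, dst, payload, ident):
    """Wrap payload in a minimal IPv4 header (checksum left 0 for brevity)."""
    header = struct.pack(IP_HDR, (4 << 4) | 5, 0, 20 + len(payload), ident,
                         0, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def packetize(data, src="192.0.2.10", dst="198.51.100.7"):
    """Split a transfer into packets of at most 1500 bytes each."""
    return [build_packet(src, dst, data[off:off + MTU_PAYLOAD], ident=n)
            for n, off in enumerate(range(0, len(data), MTU_PAYLOAD))]


def router_view(packet):
    """Everything a router needs to forward the packet: header fields only."""
    ver_ihl, _, total_len, ident, _, ttl, _, _, _, dst = struct.unpack(
        IP_HDR, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {"dst": socket.inet_ntoa(dst), "total_len": total_len,
            "ttl": ttl, "id": ident}


def payload_of(packet):
    """Bytes after the header; the router never has to interpret these."""
    return packet[(packet[0] & 0x0F) * 4:]


def sniff_per_packet(packets):
    """Scanner that inspects each packet in isolation, as a sampling sniffer does."""
    return any(MARKER in payload_of(p) for p in packets)


def sniff_reassembled(packets):
    """Scanner that buffers every packet it saw and searches the rebuilt stream."""
    ordered = sorted(packets, key=lambda p: router_view(p)["id"])
    return MARKER in b"".join(payload_of(p) for p in ordered)


def toy_encrypt(key, data):
    """Stand-in for end-to-end encryption: XOR with a SHA-256 keystream.
    Illustration only, not a real cipher. Applying it twice decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        stream = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ s for b, s in zip(data[off:off + 32], stream))
    return bytes(out)


def demo():
    # Constructed transfer: the marker straddles the packet 0 / packet 1 boundary.
    data = b"A" * (MTU_PAYLOAD - 8) + MARKER + b"B" * 2000
    clear = packetize(data)
    # A sniffer on one path never sees packet 1, which took a different route.
    one_path = [p for p in clear if router_view(p)["id"] != 1]
    key = b"shared only by the two hosts"
    sealed = packetize(toy_encrypt(key, data))
    received = b"".join(payload_of(p) for p in sealed)
    return {
        "packets": len(clear),
        "first_packet_len": router_view(clear[0])["total_len"],
        "cleartext_per_packet": sniff_per_packet(clear),
        "cleartext_full_buffer": sniff_reassembled(clear),
        "cleartext_partial_path": sniff_reassembled(one_path),
        "encrypted_full_buffer": sniff_reassembled(sealed),
        "router_still_routes": router_view(sealed[0])["dst"],
        "destination_host_sees_marker": MARKER in toy_encrypt(key, received),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the scanner that buffers the complete cleartext transfer finds the marker; the router forwards every packet correctly in all four cases, and the destination host recovers the content after decryption.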

B. Who's a Host On Today's Internet? 

This is a broader prescription than it may first 
appear to be because nowadays virtually every 
computer on the Internet can function as a host. 

This was not always the case, however. In the
years before the personal computer revolution
(which can be said to have begun approximately
in 1976), Internet hosts were usually physically
large, continuously operating computers that
acted as both servers and clients, depending on
how you used them. They communicated as
equal peers.


The Internet's robust 
"end-to-end" design 
makes it difficult to 
defeat or deter 
infringement at the 
network level. 




With the personal computer driving the Internet’s
explosive growth in the mid to late 1990s,
clients and servers began to differentiate. Today,
many and perhaps most personal computers function
only as clients; they rely on services provided
by relatively few dedicated “server” hosts. Many
Internet service providers (ISPs) provide server-type
services to their customers so that they may
publish web pages and other information. One
consequence of this design is good news for content
owners: Specifically, when a user publishes
infringing material on his ISP’s server, it is relatively
easy to identify and contact the ISP staff to
request removal of the infringing materials.

But this aspect of Internet use is changing, and in
a way that harkens back to the original structure of
the Internet. With the availability of high speed,
“always-on” Internet access by cable modem
and DSL, of advanced operating systems such as
GNU/Linux and BSD and later versions of Windows,
and of continuing price/performance improvements
in computer processors, memory and disk storage,
individuals can now run their own servers, accessible
to anyone on the Internet. Users no longer necessarily
rely on ISP-provided servers; they need only basic
Internet connectivity. Individual users become, in
effect, “hosts.” This is why, while some perceive
user-run peer-to-peer servers as a novel development,
they are actually nothing more than a return
to the Internet’s original model as a network of
computers as equal peers, each acting as both client
and server.


Many observers regard 
the broadcast-flag 
initiative as a first step 
toward comprehensive 
design control over 
computers and other 
products. 


The implication of this development is both
clear and disturbing for those who wish to outlaw
peer-to-peer services as such — one probably cannot
build effective DRM at the router level, and
building it in at the host level probably requires
building DRM into every personal computer that
can connect to the Internet.

This is a tall order, but at least some representatives
of content companies hope to approach this
goal. One way to do so is on a step-by-step basis.
For example, content companies could seek regulations
and other measures that affect the design of
computers that receive television content (as an
increasing number of personal computers are able
to do), or that affect the design of devices that can
be connected to TV receivers (this would cover a
broad range of digital and consumer-electronics
devices). Indeed, many observers regard the content
companies’ push for a broadcast-flag regulation
to be evidence of such a step-by-step strategy.

The step-by-step approach can be used in more
than one arena. For example, content companies
can seek DRM-based design changes through private
contracts (e.g., by refusing to license content
to cable or satellite-TV companies that don’t
incorporate certain DRM measures into their
equipment, including the equipment they license
consumers to use). At the same time they can seek
to advance the ubiquity of DRM by public regulation
such as the broadcast-flag proposal submitted
to the Federal Communications Commission,
which the FCC has adopted, albeit in significantly
altered form.

The content companies’ efforts to make DRM
more pervasive in the digital world are complemented
by efforts in the computer industry, some
members of which hope to establish through
“trusted computing” and similar initiatives a kind
of DRM-based secure space inside your next computer
— secure in ways that benefit you, perhaps,
but also secure in ways that prevent you from having
full control over your computer, especially
when it is being used as a channel for delivery of
commercial content.




Collectively, these efforts may hurt citizens in at
least three ways:

• First, they may swing the balance of rights in
copyright so much further in the direction of the
copyright owners that, in effect, they make the
“fair use” and other balancing provisions of the
Copyright Act unusable and thus irrelevant in
practical terms.

• Secondly, to the extent that these efforts result
in new limitations on personal computers and
consumer electronics, citizens may soon find
themselves in a world in which these tools
empower them much less than they once did.

• A third, related point is this: the computer revolution
and the remarkable advances we’ve seen in
computer technology over the last quarter century
have been dependent largely on so-called
“open architectures.” Personal computers are said
to have “open architectures” because you can buy
or build new devices that the computers can use
in new ways, and because you can program them
to do things that their designers never thought
of. Moreover, the Internet itself, through its
“end-to-end” principle, is another example of an
open architecture — because its underlying principles
are decentralized, simple, and robust, it’s
possible for inventors to come up with new uses
for it. A notable example of the latter is the
World Wide Web itself, which originated nearly
two decades after the Internet was invented.

In sum, then, it’s not just copyright-law interests
that are at stake — or even citizens’ relationship to
copyrighted works. DRM, if too broadly and indiscriminately
applied, may throttle the advance of
personal-computer technology itself. And this would
affect you as a citizen even if you never once had the
desire to download a song or TV show or movie.





V. Conclusion: Can There 
Be a "Humane" DRM? 


As this essay demonstrates, the balance
of rights and public policies we have
grown accustomed to in our copyright-law
framework is being pulled in more
than one direction. On one side, digital
technologies seem to have the potential
to undermine and perhaps even destroy
the incentive system we have constructed
as part of society’s “copyright
bargain” with artists and authors. On
the other side, DRM may have the
potential to destroy society’s part of that
bargain, by enabling copyright owners
to prevent even those unauthorized uses
of copyrighted works that we recognize
to be lawful, all in the name of stopping
Internet-based infringement.

On still another side, we have the technology
companies, who are torn between
their desire to provide new platforms for
copyrighted works (and who themselves
value copyright) and their desire to prevent
the open platforms of digital tools
and the Internet from becoming “closed”
in a way that hinders or halts innovations
we haven’t thought of yet.


To suggest a solution that fully
addresses the needs of all the stakeholders
in the current digital copyright
debate is not, strictly speaking, beyond
the scope of this essay; it remains, however,
beyond the scope of this author.
Nevertheless, I believe we can outline
some approaches to the problems of
digital copyright and DRM that have
the potential to harmonize the needs of
every stakeholder group.

In short, we can begin to talk about
what a humane, balanced form of DRM
might look like, assuming for the sake of
discussion that such a form of DRM is
possible.

The kind of DRM framework I imagine 
for the sake of this discussion meets, at 
least, the following set of criteria: 

A. For Copyright Owners: It must
limit (or, ideally, prevent) large-scale
unauthorized redistribution of copyrighted
works over the Internet or
any similar medium. In addition,
it must allow a range of business
models for distributing content, within the
constraints of copyright law.

B. For Technology Makers: It must maintain
technology companies’ ability to create a wide
range of innovative non-infringing products,
and to design, build, and maintain those products
efficiently. It must maintain the ability to
choose between open-source and closed-source
development models. It must enable technology
makers to come up with robust, interoperable,
relatively simple technologies that are fault-tolerant
and easy to maintain.

C. For Citizens and Ordinary Users: It must
maintain access to a wide variety of creative
works, both past and present, including both
public-domain works and works still protected
by copyright. It must maintain access to advancing
consumer technology for uses not related to
copyright. It must continue to allow for
fair use (including time-shifting, space-shifting,
archiving, format translation, excerpting, and so
on) and also must be flexible enough to allow for
new, innovative fair uses (e.g., uses of home networking
and other kinds of fair use we haven’t
yet imagined or discovered).

These are, of course, difficult criteria to harmonize.
I cannot imagine, for example, a government-based
regulatory framework that might create this,
starting at square one.

I can, however, imagine a way that a truly free
market in DRM-protected works might get us at
least closer to these combined goals. The key to
creating that market is not only to remember and
value the great creative works that are already in
the public domain, but also to use DRM platforms
as a way of revitalizing and redistributing
public-domain works.

Consider: Almost all DRM development nowadays
— at least when it comes to copyright — is
designed primarily to protect works that are currently
also within their term of copyright protection
(e.g., most movies, recent books, and so on).
Remember Stephen King’s novella, “Riding the
Bullet,” discussed back in Part I of this essay? It was
an electronic book, all right, but in many ways it
was more difficult to use (and to copy from) than it
would have been if it had been published on paper.
In general, we expect computers to make information
easier to get access to, not harder, so the limitations
on “Riding the Bullet” and on many other
e-books are frustrating. (One couldn’t, for example,
cut-and-paste a passage from King’s novella into a
high-school essay on the subject — the sort of thing
a student would love to be able to do with a digital
book — nor could one print it out, since that
option was disabled.) This is due primarily to the
restrictions traditional publishers place on e-book
publishers — or, if they are within the same company,
on their e-book publishing divisions.

The practical outcome of the restrictions on
proprietary e-book formats is that these formats
are dead in the marketplace — e-books are unpopular,
considered clunky and burdensome, and, at
best, an idea whose time has not yet come. Designers
of e-book platforms have been cogitating about
the “right” combination of content protection and
flexibility, but in the meantime the whole concept
of e-books has been languishing. In a world with
not enough trees in it — a world in which computer
displays are now good enough to give us a
book’s worth of readable text — this is an
unacceptable result.

E-books and the Public Domain 
Suppose, however, that some enterprising company
set out to take public-domain works and editions of
works and make them available on e-book platforms
— with all the DRM copy protection turned
off. That company could sell the e-books at a nominal
price over the Web, but might even expressly
allow that these e-books may be freely copied,
excerpted, subjected to cut-and-paste, and so on.

Such an e-book — perhaps a lesser-known Mark 
Twain work, or Constance Garnett’s translations of 
a Russian novel — would have all the advantages of 
being based on a digital platform and none of the 
disadvantages (you could even print out your copy, 
if paper were the only thing that would satisfy you). 

Suppose, further, that DRM-disabled digital-format
public-domain works became widespread
— perhaps even via peer-to-peer file sharing. (For
school districts this availability might signify a way
to save textbook acquisition costs even as they
made up for increased expenses in the computer
lab.) The e-book publisher might even produce a
DRM-enabled teacher’s edition of the same work,
including critical commentary and lesson plans,
and generate a revenue stream from the “teacher’s
edition” — in addition to the revenue generated
by direct sales of the public-domain work in
e-book format.

Nor has this scenario yet touched upon the fact
that other people besides students read or otherwise
enjoy works that are now in the public
domain. (Those works may not be limited to
books; early films and recordings may also be available
for this kind of public-domain dissemination.)

It seems to me that, if some enterprising
company, perhaps based in Redmond, Washington,
or Cupertino, California, were to take on this project,
it would have a golden opportunity both to educate
the public about the potential convenience of
digital reader or playback software platforms, and to
help citizens grow more accustomed to using them.

The next step (or, rather, the accompanying
step) would be to make the same platforms available
to the publishers of current works. Yes, those
publishers might insist on (and receive) limitations
on the extent to which users could copy or excerpt
the digital work in question. At the same time,
however, consumers would know that the limitations
on their use of these works came from the
publisher (or even the author) and not from the
platform itself.

One obvious result of this scenario is that consumers
become educated that it’s not e-book or
digital-media formats that are inherently limited —
it’s that the limitations have been insisted upon by
particular publishers or artists. This additional
information enables consumers to make better-informed
choices — they might choose one work
over another because its DRM-enabled player has
been set to be more flexible or less restrictive.

They might forgo buying books from a particular
publisher if that publisher insisted on too many
restrictions. A more informed market for digital
works is likely over time to become a more rational
market, making better-informed choices about
what kinds of access to a work they are willing to
pay for. And because the consumer-expectation
baseline is set by the unrestricted availability of
public-domain works in DRM-enabled formats,
publishers know that the restrictions they choose
to impose upon a copyrighted work are going to be
communicated directly to the buyer.

It seems to me that a number of benefits immediately
inhere from this proposal. First of all, making
more public-domain works digitally available and
more widely distributed enhances citizens’ ability to
take advantage of the wealth of creative works that
are already in the public domain. Second, it diminishes
the cost of reproducing public-domain works,
which means that more such works can become
more widely available at a lower cost. Third, it gives
both publishers and digital-media platform makers
incentives to loosen restrictions rather than tighten
them, because consumers will naturally prefer less
restrictive formats. Fourth, it helps platform makers
make their platforms for digital media more familiar,
more commonplace, and more user-friendly than
they are now.

It may be argued that what I’m proposing here is
merely that the influential companies that craft
DRM platforms and schemes perform a kind of
“community service” in making public-domain
works available. I think, however, that there is a
significant value proposition for these companies in
using their platforms to make public-domain works
available in an unrestricted way. Part of the value in
doing so lies in revitalizing (or, perhaps more aptly,
“vitalizing”) dormant media formats such as
e-books. Making public-domain works available for a
nominal price (but nevertheless a price that
recoups the cost to the company of digital formatting
and distribution) could jumpstart the currently
limited market for such books, especially if the format
adds significant value (such as the enhanced
searchability of texts).


DRM platforms could
be used to distribute
public-domain works in
unprotected ways - thus
educating consumers
about who is insisting on
copying restrictions for
newer works.




Another part of the value of this proposal is that,
even though it would be possible for a reader to
get the e-book for free from some downstream
source, there will always be readers who prefer to
go to “the source” to obtain a copy they know to
be pristine, uncorrupted, and unaltered, and who
will pay a modest fee to do so. So there will be a
revenue stream associated with making even copyable
public-domain books available. The lesson the
software companies learned in the 1980s — the
High Volume/Low Cost philosophy in which companies
manage to “compete with free” in part by
making it very affordable to buy a reliable product
from the reliable source — is a lesson that can
apply here as well.

Finally, to the extent making public-domain content
available in DRM platforms with all the protections
set to “off” educates the market about who
is making the choices when it comes to protecting
that content (the publisher, not the platform
maker), it rationalizes that market. The choice for
vendors will be not between (a) doing a community
service and promoting the platform and (b) making
money. The choice will be whether they are willing
to hazard a business model, based on online distribution
for a modest fee of copyable copies of
public-domain works, that does both.

One can even imagine that, in the long term,
even those authors and publishers who want to
impose some DRM-based restrictions might
choose different models for imposing those restrictions.
We know, for example, that Microsoft and
other technology vendors are developing and seeking
standard-setting for a “rights language” that
may be applied to any digital content. If the baseline
for DRM platforms is that there are no restrictions,
isn’t it more likely that such “rights
language” will evolve to accommodate an author or
publisher who wished to choose a different model
of rights allocation — e.g., the Creative Commons
licensing scheme? (Perhaps the platform developer
might actually meet with the directors of the
Creative Commons project, hold a joint press conference,
urge that Creative Commons licenses
become more common — and thus more trusted
in the marketplace.)

Most of us believe that artists and authors
deserve to be compensated, and even that publishers
deserve compensation for bringing them to us.
At the same time, it is a natural human impulse to
share the creative works we love. (There are few
greater testaments to this impulse than the Nick
Hornby novel High Fidelity or the John Cusack
movie made from Hornby’s book. One of the
ironies of Hornby’s story is that his music-sharing,
“mix tape”-making hero is also the owner of a
record store.) In the absence of a more humane
variety of DRM, these interests may be at odds with
one another. It seems to me, however, that the only
path to a more humane DRM, one in which market
forces lead to accommodations of both sets of interests,
is to regulate only minimally, if at all, to mandate
copy-protection technologies. And that
minimal-regulation framework has to be accompanied
by an investment by DRM designers and makers
in promoting and preserving the public domain.

The question before us, then, is how to harness 
both the technical ingenuity behind DRM and the 
human drive to share the works that we enjoy in a 
way that leverages the best from both. Because it is 
only by taking advantage both of human ingenuity 
and human nature that we will solve the problems 
of maintaining the value of copyright — the 
rewarding of creative artistic endeavor and the 
sharing of the fruits of that endeavor — as we 
move further into a digital world. 




Selected Readings 

Books, Articles, and Testimony 

Readers who are interested in the topics of copyright,
digital media, digital-rights management, and the
relationships among these topics as discussed in this DRM
primer may find the following selection of books, articles,
and testimony to be useful starting points for reading
and research.

Biddle, Peter, Paul England, Marcus Peinado, and
Bryan Willman. “The Darknet and the Future of Content
Distribution,” 2002 ACM Workshop on Digital
Rights Management, November 18, 2002.

Brinkley, Joel. Defining Vision: How Broadcasters
Lured the Government into Inciting a Revolution
in Television (Revised), Harvest Books, 1998.

Craver, Scott A., Min Wu, Bede Liu, Adam Stubblefield,
Ben Swartzlander, Dan S. Wallach, Drew Dean,
and Edward W. Felten. “Reading Between the Lines:
Lessons from the SDMI Challenge,” Proceedings of
10th Annual USENIX Security Symposium, Washington,
DC, August 2001.

Davidson, Alan. Statement of Alan Davidson, Associate
Director, the Center for Democracy and Technology,
“Peer to Peer File Sharing and Security.” Testimony
before the House Committee on Government Reform,
May 15, 2003. Available at
<http://www.cdt.org/testimony/030515davidson.pdf>.

Godwin, Mike. Cyber Rights: Defending Free
Speech in the Digital Age, Chapter 7, “The Battle
Over Copyright on the Net (and other Intellectual
Property Encounters).” Pp. 185-245. MIT Press, 2003.

Kirovski, D., and F.A.P. Petitcolas. “Replacement
Attack on Arbitrary Watermarking Systems.” ACM
Workshop on Digital Rights Management, 2002.

Lemley, Mark. “Romantic Authorship and the Rhetoric
of Property.” 75 Tex. L. Rev. 873 (1997).

Lessig, Lawrence. The Future of Ideas: The Fate of
the Commons in a Connected World, Vintage, 2002.

Litman, Jessica. Digital Copyright: Protecting Intellectual
Property on the Internet. Prometheus Books,
2001.

Sohn, Gigi B. Statement of Gigi B. Sohn, President,
Public Knowledge, “Piracy of Intellectual Property on
Peer-to-Peer Networks.” Testimony before the House
Judiciary Committee, Subcommittee on Courts, the
Internet and Intellectual Property. September 26, 2002.
Available at
<http://www.house.gov/judiciary/sohn092602.htm>.

Vaidhyanathan, Siva, Copyrights and Copywrongs:
The Rise of Intellectual Property and How It
Threatens Creativity, New York University Press,
2001.

Statutes and Treaties 

The legal framework for the protection of copyrighted
works is grounded both in national and in international
law.

The statutory scheme for the protection of copyrighted
works under United States law is the Copyright Act,
Title 17 of the United States Code — specifically chapters
1 through 8 and 10 through 12 of Title 17. The
Copyright Act of 1976, which provides the basic
scheme for the current copyright law, was enacted on
October 19, 1976, as Pub. L. No. 94-553, 90 Stat.
2541. In the digital era, the U.S. copyright law has
been more frequently subject to major or minor
amendment by Congress; nevertheless, a reasonably
current version of the Copyright Law of the United
States of America and related laws contained in
Title 17 of the United States Code can be found
at the U.S. Copyright Office website at
<http://www.copyright.gov/title17/>.

The treaty-based international framework for
protection of copyrighted works is established by
the Berne Convention for the Protection of Literary
and Artistic Works, available at
<http://www.wipo.org/clea/docs/en/wo/wo001en.htm>.




Court cases 

Two court cases in particular may shed light on central
issues concerning the law of copyright as it generally
operates in the United States today. In Dowling v.
United States, 473 U.S. 207 (1985), the United States
Supreme Court discusses the extent to which copyright
interests are distinguishable from traditional property
interests. In Feist Publications, Inc. v. Rural Telephone
Service Co., 499 U.S. 340 (1991), the Supreme
Court discusses at length the scope of protection that
copyright law provides to created works under the
United States Constitution.

Those interested in the relationship between the substantive
provisions of the U.S. copyright laws and the
Digital Millennium Copyright Act’s prohibition of
technologies that “circumvent” DRM should read the
memorandum decision in the federal district court case
Universal City Studios, Inc. v. Reimerdes, 111 F.
Supp. 2d 294 (S.D.N.Y. 2000). That case was affirmed
by a federal appeals court in Universal City Studios,
Inc. v. Corley, 273 F.3d 429 (2nd Cir. 2001).

The leading case concerning individuals’ rights to
engage in some degree of unlicensed copying of copyrighted
material is the U.S. Supreme Court’s decision
in Sony v. Universal Studios 464 U.S. 417, 104 S. Ct.
774, 78 L. Ed. 2d 574 (1984). Sometimes known as
“the Betamax case,” Sony adopted a district court’s
finding that “even the unauthorized home time-shifting
of [content owners’] programs is legitimate fair use,”
and concluded that devices that enable such “commercially
significant noninfringing uses” are not violations
of the Copyright Act.




Endnotes 


1 When I say we don’t “normally” make exceptions for unau¬ 
thorized uses of other people’s property, I am not saying 
there are no exceptions. The law allows us to make certain 
uses of other people’s property in some kinds of emergen¬ 
cies, for example, and it may allow a government to invoke 
its power of eminent domain to authorize a utility company 
to tear up your front yard in service of some larger public 
good. Copyright law is nevertheless different because it 
allows for some routine and regular uses of others’ prop¬ 
erty without their authorization. 

^ Sometimes such shared “property” is called a “commons,” 
based on the tradition that there may be property in a 
township whose use and ownership is shared by everybody 
in the town. 

3 The American copyright doctrine called “fair use” has no precise
counterpart in other countries, but there are some similar
protections in other countries for unauthorized copying
— these protections derive from copyright doctrines relating
to “fair dealing” and “private copying.” This paper
focuses more on the American doctrine of fair use than on
these analogous doctrines in other countries, but its reasoning
may be applied without much modification in most
other countries that, like the United States, are signatories
to the Berne Convention (an international copyright treaty).

4 The term “intellectual property” is a newer term than you
may think — only a few decades old, according to law professor
Mark Lemley. See Lemley, “Romantic Authorship
and the Rhetoric of Property,” 75 Tex. L. Rev. 873 (1997)
at footnote 123.

5 Throughout this paper, the term “copy protection” is used
interchangeably with “DRM.”

6 A more complete discussion of the fact that analog content
can be digitally copied appears in section II of this paper.

7 Other artists and authors and publishers approach the problem
differently, however, by suggesting that perhaps compensation
of artists and authors should not focus so much
on the making of copies of the creative work. There are
other models for compensating artists, which include but
are not limited to compulsory licensing and levies on playback
or recording equipment. This paper does not advocate
any of these alternatives; it assumes that the making and
selling of copies of creative works will remain at the heart
of the compensation system for some time to come.

8 This is the approach used by cable-television set-top boxes.
Once the scrambling or decryption technology of a set-top
box is understood, the box itself can be “pirated” and duplicated,
making it possible for the creation of an aftermarket
in illegal, cloned cable descramblers. And in fact a number
of such descrambler-cloning enterprises exist, in spite of
their illegality.


9 See, e.g., Hernandez, “DVD sales up 57% in 1st half of 2003,”
Los Angeles Daily News, Aug. 4, 2003, republished in The
Arizona Republic’s online edition at
<http://www.azcentral.com/arizonarepublic/business/articles/0804dvds04.html>.

10 NGSCB was formerly known as “Palladium,” its in-house
codename at Microsoft Corp.

11 Advocates of “trusted computing” make a point of stressing
that trusted computing is not itself DRM, but merely may
be used as the basis of a DRM scheme. While this reservation
is certainly true, the available public reports concerning
trusted computing suggest that content protection and control
(by the content provider) were among the initial motivations
for the development of this technology. It also seems
likely that content-protection schemes will be among the
first and foremost uses of trusted-computing architectures.

12 Ironically, however, the typical protection scheme offered for
marked TV content that is broadcast “in the clear” is to
encrypt it after it has been “demodulated” (that is, received
by a TV receiver). In this scenario, marking the content is
not really an alternative to encryption-based protection; it
simply requires encryption at a different point in the transmission
chain from broadcaster to audience. Why policymakers
might consider this a better alternative than simple
end-to-end encryption, especially given that the content is
“in the clear” and unprotected for most of the distance it
travels, is unclear.

13 The most obvious way to digitize (or redigitize) analog content
is to point a digital movie camera at a movie or television
screen. A less obvious way, perhaps, is the use of a
personal video recorder, such as TiVo or ReplayTV, to capture
analog television content in digital form. Many digital
television receivers have been produced with analog outputs
so that they can be integrated into existing home-entertainment
systems. This means such receivers can be
used to “route” in-the-clear digital content through analog
interfaces, after which the content can be redigitized without
any protections associated with it.

14 Once one captures digital content, one can use a computer to
remove, modify, or forge a label. While the content may be
encrypted while in transition to display, it must ultimately
be displayed “in the clear” (that is, decrypted) in order for
an audience to use it. Obviously, cryptography alone cannot
prevent the complete removal of a label of content that is
displayed or otherwise made available in unencrypted form.




15 The watermarks discussed in this paper are “robust” watermarks,
which are designed to survive common operations
such as data compression. Other types of watermarks are
“fragile,” meaning that they are deliberately designed so
that they do not survive such operations. Fragile watermarks
are useful only in conjunction with robust watermarks,
and fragile watermarks are by definition easily
removed from content, so their use cannot increase a system’s
resistance to hostile attack. The idea is that if a
machine detector finds the presence of a robust watermark
in the absence of a fragile watermark, it follows that the
content has been inappropriately manipulated. But since
the theory relies on the proposition that there is such a
thing as a robust watermark, we need to focus only on
whether such robust watermarks are possible.

16 “Fingerprint” is a term of art that unfortunately has different
meanings in different subareas of computer science (as well
as other areas of science, of course). Here we use the meaning
common in discussions of digital copy protection.

17 One possible use of watermarks that has been discussed is the
use of “serial watermarks” as a form of what might be
called “externally imposed fingerprinting.” For example,
when a user buys a recording from a website, the downloaded
file could be uniquely marked with a subtle mark
reflecting not the characteristics of the music but the identity
of the buyer. This measure might enable content companies
to track the source of an infringing digital copy of
the recording found on the Internet. No scheme currently
proposed entails the use of “serial watermarks,” so I do not
critique such a scheme here, although I note in passing that
users may be wary of a scheme aimed at branding the content
they experience with identifying information.

18 In practical terms, this means that all content that is traded in
unprotected, unmarked form on the Internet today may continue
to be traded, absent the sort of regime described below.

19 Nevertheless, such an approach has been suggested by some
advocates of copy protection in the context of the United
States’ planned transition to digital broadcast television,
which is seen, incorrectly, as posing a unique threat to
copyright holders.

20 The consumer markets for movies and (especially) for music
have of course endured a number of format changes. What
made the transitions — e.g., from VHS movies to DVD
movies, and from music LPs and cassettes to CDs — tolerable
for consumers was that they were unforced; consumers
got to choose when they would move to a new
format, and could set up their home entertainment systems
to accommodate multiple formats. This will not be the case
during the transition to digital television in the United
States because the U.S. government plans to reclaim the
spectrum loaned to broadcasters during the digital transition
so that broadcasters could transmit both digital and
analog television. Once the transition is complete, analog
broadcasts will be shut off, and consumers will have to pay
to upgrade their equipment in order to receive broadcast
television content.


21 I distinguish here between media forms (such as music
recordings and television) and media formats (such as
music CD and cassette formats, or the analog and digital
television formats). Media formats may change frequently,
and at a faster rate as technological advance accelerates, but
new media forms arise less frequently.

22 This threat model for digital broadcast television has been
significantly criticized by a number of participants in the
Federal Communications Commission’s proceedings
regarding broadcast-flag regulation. It has been noted, for
example, that data files of digital-television content are generally
too large to be easily transmitted over the Internet,
absent file compression that reduces the quality of such
content. This remains true even if we assume that broadband
Internet transmission capability will continue to grow
significantly over the next decade. As has been pointed out
earlier in this paper, analog television content is more vulnerable
to Internet redistribution because, once digitized,
its data-file sizes are significantly smaller than those for
HDTV programs, and thus easier to transmit and receive.

23 There is one exception to this rule: the demodulating device
can only pass on content without checking for the broadcast
flag, provided that it does not erase any broadcast flag
that might be present, and provided that it passes the content
on through robust channels only to devices which will
themselves check the broadcast flag. Since ultimately the
content is streamed or transmitted only to devices that
check for the flag, we will discuss only the flag-checking
component of the broadcast-flag scheme here.

24 “Table A” is the name of the appendix to the broadcast-flag proposal
that lists technologies acceptable for protecting flagged
content. The Federal Communications Commission has
adopted the “Table A” approach, but as of November 2003
no technologies had been adopted or admitted to Table A.

25 A “downstream” device is, essentially, any device that does not
itself contain a television signal demodulator but that can
connect to a device that either demodulates broadcast signals,
or to a device that itself has received demodulated content. In
short, a downstream device is any device that receives demodulated
content as the result of a digital connection — the hard
disk in a TiVo personal video recorder, for example.

26 The fact that the scope of devices affected by a broadcast-flag
scheme is indeterminate is a key reason that there has never
been an inter-industry consensus favoring the scheme.

27 See Scott A. Craver, Min Wu, Bede Liu, Adam Stubblefield,
Ben Swartzlander, Dan S. Wallach, Drew Dean, and Edward
W. Felten. “Reading Between the Lines: Lessons from the
SDMI Challenge,” Proceedings of 10th Annual USENIX
Security Symposium, Washington, DC, August 2001.

28 The FCC’s broadcast-flag report and order in November
2003 takes just this approach — a “narrowed” order that
leaves many devices untouched, and that also does not
address alternative means by which digital TV content can
be captured, such as the “analog hole.”




29 It may be argued that consumers already know that they are
routinely surrendering private information in other contexts,
such as credit-card purchases, video-on-demand orders, and
so forth, so that their surrender of private information in the
content-purchase context is at most incremental and unlikely
to trouble consumers. Nevertheless, it seems likely that at
least some consumers will be troubled by the transition from
(a) a world in which content such as books, music albums, and
DVDs can be purchased anonymously with cash, enjoyed
(and then resold), into (b) a world in which the content a consumer
purchases is “tethered” to that individual, known to be
associated with that individual, and cannot be resold.

30 The federal Digital Millennium Copyright Act has been
interpreted in at least one case to forbid even the dissemination
of information that can be used to defeat a DRM
scheme. See Universal City Studios, Inc. v. Reimerdes, 111 F.
Supp. 2d 294 (S.D.N.Y. 2000). In theory, then, this very
discussion of using felt-tip markers to defeat CD copy protection
might be deemed illegal. A discussion of the
DMCA follows below.

31 See 17 U.S.C., Sec. 1201(c)(3).

32 “Ripping” is the reduction of music from its native digital
format on CD to reduced-in-size formats such as MP3.
The term may also be applied to the reduction to MP3 of
music in analog formats, such as the tracks on LP records.

33 “Burning” is the reproduction of music in compressed formats,
such as MP3, to a writable CD or some other
writable optical medium. “Burning” of music files may or
may not include re-expansion of the files into a non-compressed
format.

34 Ironically enough, the unauthorized copying of current television
shows most commonly originates as digitized copies of
analog transmissions. Actual HDTV content, which is digital,
cannot be significantly compressed without loss of the
very video quality that makes it special, which makes digital
TV content safer from this kind of infringement than is
ordinary analog television. Nevertheless, it is a widely
accepted myth that digital television, merely by virtue of
being digital, is more subject to peer-to-peer infringement
than is analog TV content. At some level, however, content
companies see past this myth; hence their efforts to develop
marking schemes that survive digital-to-analog/analog-to-digital
conversions, or, in the alternative, to pressure device
makers to “retire” analog technologies altogether.

35 The DMCA’s notice-and-takedown provisions create a liability
“safe harbor” for Internet service providers and others
who, when given notice by a copyright holder that their
service or site contains infringing copies of copyrighted
works, immediately take down the content in question. The
statute also includes an appeals process for those who
believe the works on their service or site are not instances
of copyright infringement.

36 Of course, it is well documented that the recording industry
has started to bring infringement actions against parties it
considers to be the most egregious file-trading infringers of
music copyrights. Whether this campaign has successfully
deterred illegal file trading is unclear. A recent Pew
Research Center poll
<http://www.pewinternet.org/reports/toc.asp?Report=109>
concluded that such deterrence may
have occurred, but critics of the poll’s methodology have
argued that the data are ambiguous at best, since accurate
data would depend on respondents’ admitting to illegal
activity. See, e.g., Schwartz, John, “In Survey, Fewer Are
Sharing Files (Or Admitting It),” The New York Times, Jan.
5, 2004, Section C, Page 1.

37 Increasingly, there are efforts to design what is called “fair use”
into DRM schemes — here the term “fair use” does not
carry the same meaning it carries in the Copyright Act.
Instead, it signifies some degree of individual copying, in line
with what is currently considered to be fair use under American
copyright law. Legally speaking, such design efforts cannot
be said to add up to “fair use,” since in effect they allow
instances of authorized copying — authorized, in this case, by
the copyright holder and the designers of the DRM scheme
— rather than the kind of unauthorized copying that is dealt
with in Section 107 of the Copyright Act.

38 Nevertheless, at least one router company has offered to build
DRM in at the router level. Outside experts remain skeptical
that such a scheme can be implemented credibly, however,
and they also note that, in order to work, such a scheme
would require the replacement of most or all Internet routers
currently being used. This of course would be a boon for
router manufacturers, albeit a cost to nearly everyone else.

39 Some readers may ask at this point whether it is appropriate to
allow DRM to exist at all, given the remedies that copyright
owners already possess under our copyright law. I understand
and sympathize with their point. I also note, however, that
our legal system allows us to take steps in other areas to prevent
harm from coming to ourselves and to our interests. For
example, we have the right to physically defend ourselves
from assault, even when such defenses might themselves be
considered criminal if unprovoked, and we have the right to
lock up our tangible goods in our houses, even though we
also have legal redress should we be stolen from or burglarized.
Neither of these examples should be taken as analogous
to the copyright bargain, whose built-in balances are unique,
implicate free-speech considerations, and do not easily map
to other areas of law. Copyright, as the Supreme Court has
said, is “no ordinary chattel.” But I think most citizens’ intuitions
about what the copyright-law balance should be include
at least some measure of self-help. Assuming those intuitions
are correct, I infer that at least some degree of DRM may be
considered acceptable, so long as it is implemented in a manner
consistent with longstanding copyright policy and with
the First Amendment.

40 Creative Commons licenses allow artists and authors to
make their works available on terms more favorable to
readers and viewers of the work than copyright law provides.
At the same time, these licenses enable artists and
authors to maintain some degree of control over the use of
their works. For more information about these licenses,
and about the Creative Commons Project generally, see
<http://www.creativecommons.org>.





Public Knowledge
1875 Connecticut Ave., NW
Suite 650
Washington, DC 20009
Phone: 202-518-0020 • Fax: 202-986-2539
PUBLICKNOWLEDGE.ORG

New America Foundation
1630 Connecticut Ave., NW
7th Floor
Washington, DC 20009
Phone: 202-986-2700 • Fax: 202-986-3696
WWW.NEWAMERICA.NET




